@Michiel, did you ever get this set up? If so, do you have any tips you can 
share?

On Tuesday, February 18, 2014 at 2:30:34 AM UTC-8, Michiel van Es wrote:
>
> I found something interesting at 
> http://blog.kintoandar.com/2011/01/nagios-nrpe-ossec-check.html which 
> uses NRPE to swatch/grep the alerts.log logfile for specific alert levels 
> and display those in Nagios.
>
> On Thursday, February 6, 2014 at 10:28:58 UTC+1, Chris H wrote:
>>
>> Could you do something with the syslog output? Send the alerts you're 
>> interested in to syslog on the Nagios host and tail the logs from that? 
>> Might allow you to be a bit more selective, too.
>>
>> On Wednesday, February 5, 2014 1:53:38 PM UTC, Michiel van Es wrote:
>>>
>>> To be more precise: this is the most valuable link I found: 
>>> http://blog.kintoandar.com/2011/01/nagios-nrpe-ossec-check.html
>>> I am still interested in other people's implementations.
>>>
>>> On Wednesday, February 5, 2014 at 14:45:26 UTC+1, Michiel van Es wrote:
>>>>
>>>> Yes, the first 3 hits are about mail scripts (Nagios Exchange) and 
>>>> 'swatch-alike scripts', but there is not a lot of specific setup information.
>>>> That is why I am asking here what people use nowadays and what their setup 
>>>> looks like.
>>>>
>>>> Michiel
>>>>
>>>> On Wednesday, February 5, 2014 at 14:32:47 UTC+1, Darin Perusich wrote:
>>>>>
>>>>> Have you asked Google? 
>>>>> -- 
>>>>> Later, 
>>>>> Darin 
>>>>>
>>>>>
>>>>> On Wed, Feb 5, 2014 at 6:47 AM, Michiel van Es <vanesm...@gmail.com> wrote: 
>>>>> > Hello, 
>>>>> > 
>>>>> > I was wondering if someone has already used OSSEC and Nagios to generate 
>>>>> > alerts? 
>>>>> > I have the following idea in my head: an alert of level 11+ will be seen by a 
>>>>> > monitor/swatch script tailing the /var/ossec/logs/alerts/alerts.log logfile, 
>>>>> > which generates an alert/trigger and sends it to Nagios. 
>>>>> > Nagios generates an alert and shows it on a dashboard. 
>>>>> > The engineer fixes the issue or filters the alert (in case of a false positive) 
>>>>> > and OKs/ACKs the alert in Nagios. 
>>>>> > 
>>>>> > Or does someone else have a better idea of how to integrate these 2 together? 
>>>>> > 
>>>>> > All tips are more than welcome! 
>>>>> > 
>>>>> > Michiel 
>>>>> > 
>>>>> > -- 
>>>>> > 
>>>>> > --- 
>>>>> > You received this message because you are subscribed to the Google 
>>>>> Groups 
>>>>> > "ossec-list" group. 
>>>>> > To unsubscribe from this group and stop receiving emails from it, 
>>>>> send an 
>>>>> > email to ossec-list+...@googlegroups.com. 
>>>>> > For more options, visit https://groups.google.com/groups/opt_out. 
>>>>>
>>>>
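
Added example, not part of the thread or of the linked blog post: a minimal Nagios/NRPE-style check in Python for the idea in the original post, reporting CRITICAL when alerts.log holds a recent alert at level 11 or above. It assumes the standard alerts.log entry layout ("** Alert <epoch>.<id>:" header followed by a "Rule: <id> (level <n>) -> '<text>'" line); the 300-second window and the sample rule ids are assumptions.

```python
import re
import sys
import time

ALERT_LOG = "/var/ossec/logs/alerts/alerts.log"  # path quoted in the thread
HEADER = re.compile(r"^\*\* Alert (\d+)\.\d+:")
RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'")

def parse_alerts(lines):
    """Yield (epoch, rule_id, level, description) for each alert entry."""
    epoch = None
    for line in lines:
        m = HEADER.match(line)
        if m:
            epoch = int(m.group(1))
        m = RULE.match(line)
        if m and epoch is not None:
            yield epoch, int(m.group(1)), int(m.group(2)), m.group(3)
            epoch = None  # first Rule line only; later look-alikes are raw log text

def check(lines, now, min_level=11, window=300):
    """Return (exit_code, message) following Nagios plugin conventions."""
    hits = [a for a in parse_alerts(lines) if a[2] >= min_level and 0 <= now - a[0] <= window]
    if not hits:
        return 0, "OK - no OSSEC alerts at level >= %d in last %ds" % (min_level, window)
    _, rule, level, desc = max(hits, key=lambda a: a[2])
    desc = desc.replace("|", "/")  # '|' would start Nagios perfdata
    return 2, "CRITICAL - %d alert(s) at level >= %d, worst: rule %d (level %d) %s" % (
        len(hits), min_level, rule, level, desc)

# Constructed sample in the alerts.log layout (rule ids and hosts are made up).
SAMPLE = """\
** Alert 1391597606.1000: mail  - syslog,sshd,
2014 Feb 05 10:53:26 web01->/var/log/secure
Rule: 100101 (level 10) -> 'Constructed medium-severity rule.'

** Alert 1391597700.2000: mail  - local,
2014 Feb 05 10:55:00 web01->/var/log/messages
Rule: 100201 (level 12) -> 'Constructed high-severity rule.'
Rule: 1 (level 0) -> 'text an attacker wrote into the monitored log'
"""

if __name__ == "__main__":
    try:
        with open(ALERT_LOG, errors="replace") as fh:
            code, msg = check(fh, time.time())
    except OSError as exc:
        code, msg = 3, "UNKNOWN - cannot read %s: %s" % (ALERT_LOG, exc)
    print(msg)
    sys.exit(code)
```

The check re-reads the whole file on every poll, so on a busy manager it is worth pairing with log rotation or a saved file offset.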
