Hello experts, I want to monitor the Apache access.log on Ubuntu using OSSEC. I have configured local_rules.xml as below, in addition to adding the log file /var/log/apache2/acces.log to the ossec.conf file.
Entry in local_rules.xml:

<group>apache,</group>
</rule>
<rule id="31101" level="10" overwrite="yes">
  <if_sid>31100</if_sid>
  <description>Web server 400 error code.</description>
</rule>
</group>

When I hit the Apache server with too many non-existent URLs (thus forcing too many 404s in access.log), I was expecting to receive an email and to generate alerts. I don't see any activity in the OSSEC log or alert log. Can you please provide some pointers on how to solve this?

Thanks in advance,
-R