On Mar 3, 2016 5:07 AM, "Bhuvanesh Bhuvanachandran" <bhuvane...@gmail.com> wrote:
>
> Hi Folks,
>
> I am new to Ossec, and trying out the functionalities of Ossec for a
> requirement in my company. I need some help with some of the concepts that
> I am trying to achieve.
>
> Basically I am using a combination of Ossec + Logstash + Elastic search
> Kibana to get the things visualized in a useful way. All these components
> integrated successfully.
>
> I have one apache web server (for testing purposes) which is monitored by
> Ossec agent and the results are getting shipped to the Ossec server. But
> when looking at the syslog output of Ossec server I can only see some
> suspicious/error log entries of apache; like log entries with 400 error
> code, that triggers some Ossec rules. From an IDS point of view it is perfect.
> But I need all logs getting shipped to a central server.
>
> What I am expecting here is, I want to get all logs of apache (including
> 200 status code) get shipped to Ossec server and made available at the
> syslog output of Ossec server so that logstash can further parse the logs.
>
> Is this something possible with Ossec? If it is, how can I achieve this?
> Please advise.
>

If you use the log all option, all logs ossec receives will be saved to
archives.log. The syslog output is just for alerts though.

>
> Thanks & Regards,
>
> Bhuvanesh
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
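
The "log all" option from the reply, shown as a manager-side `ossec.conf` fragment. This is an added example, not part of the original messages; it assumes a default install under `/var/ossec`, and the syslog server address is a constructed placeholder.

```xml
<!-- Added example: fragment of ossec.conf on the OSSEC server (manager). -->
<ossec_config>
  <global>
    <!-- Archive every event the manager receives, not only the ones
         that match a rule and raise an alert (so Apache 200s too). -->
    <logall>yes</logall>
  </global>

  <!-- syslog_output forwards alerts only; turning on logall does not
       add the archived events to this stream. -->
  <syslog_output>
    <server>192.0.2.10</server> <!-- constructed placeholder address -->
    <port>514</port>
  </syslog_output>
</ossec_config>
```

With a default install the archive is written to `/var/ossec/logs/archives/archives.log`, so Logstash would need to read that file rather than the syslog stream to see every event. The archive grows much faster than the alert log, so plan rotation and disk space on the manager accordingly.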
