I ended up moving this bash script to the Security Onion server, then with 
help here wrote basic decoders and rules to trigger alerts.  Still going to
play with the agent custom log file issue off and on.

On Friday, June 10, 2016 at 11:12:02 AM UTC-5, Jacob Mcgrath wrote:
>
> Anyone have an issue like this.... The OSSEC server says it's not available and 
> ignores it.  But it is there. Weird?
>
> root@alamo:/home/mis/admin-tools/logs# tail \ ping-domain.log
> System Check Domain Cluster - AHHHHHHHH appears to be down 06092016 
> 09:50:01
> System Check Domain Cluster - AHHHHHHHH appears to be down 06092016 
> 09:52:01
> System Check Domain Cluster - AHHHHHHHH appears to be down 06092016 
> 09:54:01
>
>
>
> root@alamo:/home/mis/admin-tools/logs# tail \ ping-game.log
> System Check Gaming Cluster -  appears to be down for 5 minutes 06102016 
> 10:52:01
> System Check Gaming Cluster -  appears to be down for 5 minutes 06102016 
> 10:54:01
> System Check Gaming Cluster -  appears to be down for 5 minutes 06102016 
> 10:56:01
>
>
>
>
>
> 2016/06/10 10:49:06 ossec-logcollector(1904): INFO: File not available, 
> ignoring it: '/home/mis/admin-tools/logs/ping-domain.log                   
>                      '.
> 2016/06/10 10:49:06 ossec-logcollector(1904): INFO: File not available, 
> ignoring it: '/home/mis/admin-tools/logs/ping-games.log'                   
>                      .
> root@alamo:/var/ossec/logs/alerts# ls -la /home/mis/admin-tools/logs/
> total 76
> drwxrwxr-x 2 mis  mis   4096 Jun  8 13:10 .
> drwxrwxr-x 4 mis  mis   4096 Jun  8 08:13 ..
> -rw-r--r-- 1 root root  7337 Jun  9 10:08  ping-domain.log
> -rw-r--r-- 1 root root 52452 Jun 10 10:52  ping-game.log
>
>
