Nothing at all. That's why I thought to monitor a command output. Primarily in the mentioned (ossec-server side) appliance. Thanks the reply. (I havent figured out any solution yet).
2017. január 31., kedd 15:23:00 UTC+1 időpontban dan (ddpbsd) a következőt írta: > > On Mon, Jan 30, 2017 at 9:14 AM, Tibor Luth <tibo...@gmail.com > <javascript:>> wrote: > > Hi all! > > > > I have a few datasources sending remote syslog to an OSSIM appliance > running > > Rsyslog (udp or tcp/514) and OSSEC server and local agent. First I would > > like to generate alerts or see in logs if a datasource (ossec-agents > also) > > lost connection or stopped logging... (eg. misconfiguration happened, > new > > firewall rule is blocking.. etc). Is it possible somehow? I thought to > > monitor a command with OSSEC like tcpdump, tshark, netstat or somehing > like > > that for standard syslog protocoll and write a custom ossim plugin for > local > > ossec.log. > > Ideas are welcomed! :) > > Thank you! > > > > Do you have any logs that indicate the system is no longer logging to > the intended destination? > > > T. > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to ossec-list+...@googlegroups.com <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
