Thanks! I will use Nagios for monitoring, and/or correlate its events with 
ossec.log (parse this log itself). And we will see the efficiency.

On Wednesday, February 1, 2017 at 14:22:19 UTC+1, dan (ddpbsd) wrote:
>
> On Wed, Feb 1, 2017 at 7:14 AM, Tibor Luth <tibo...@gmail.com> wrote: 
> > Nothing at all. That's why I thought to monitor a command output. Primarily 
> > in the mentioned (ossec-server side) appliance. Thanks for the reply. (I 
> > haven't figured out any solution yet). 
> > 
>
> Well there should be alerts when an agent disconnects. Beyond that, I 
> think your only option is hacking something up with ELK or a similar 
> technology. 
> I have been thinking about these issues, but as always time is an issue. 
>
> > On Tuesday, January 31, 2017 at 15:23:00 UTC+1, dan (ddpbsd) wrote: 
> >> 
> >> On Mon, Jan 30, 2017 at 9:14 AM, Tibor Luth <tibo...@gmail.com> wrote: 
> >> > Hi all! 
> >> > 
> >> > I have a few datasources sending remote syslog to an OSSIM appliance 
> >> > running Rsyslog (udp or tcp/514) and OSSEC server and local agent. First 
> >> > I would like to generate alerts or see in logs if a datasource 
> >> > (ossec-agents also) lost connection or stopped logging... (e.g. 
> >> > misconfiguration happened, new firewall rule is blocking.. etc). Is it 
> >> > possible somehow? I thought to monitor a command with OSSEC like tcpdump, 
> >> > tshark, netstat or something like that for standard syslog protocol and 
> >> > write a custom ossim plugin for local ossec.log. 
> >> > Ideas are welcomed! :) 
> >> > Thank you! 
> >> > 
> >> 
> >> Do you have any logs that indicate the system is no longer logging to 
> >> the intended destination? 
> >> 
> >> > T. 
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
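
Added example, not part of the thread and not OSSEC or OSSIM code: a Nagios-style check in Python that reads rsyslog output and reports expected sources that have stopped logging or were never seen, which is the gap discussed above. The hostnames, sample lines, 15-minute threshold and the traditional "Mon DD HH:MM:SS host" line format are assumptions.

```python
"""Nagios-style check: which expected syslog sources have gone silent?"""
import re
import sys
from datetime import datetime, timedelta

# Assumed traditional rsyslog file format: "Feb  1 14:22:19 host tag: message".
# Month names are parsed with %b, so this expects the C/English locale.
LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) ")
OK, CRITICAL = 0, 2  # standard Nagios plugin exit codes

# Constructed sample input (hypothetical hosts fw01, web01; db01 never logs).
SAMPLE = """\
Feb  1 13:58:02 fw01 kernel: DROP IN=eth0 SRC=192.0.2.10
Feb  1 14:19:40 web01 sshd[811]: Accepted publickey for deploy
Feb  1 14:21:55 web01 CRON[902]: session opened
garbled line without a timestamp
""".splitlines()

def last_seen(lines, year):
    """Map each sending host to its newest timestamp (format omits the year)."""
    seen = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or continuation lines
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["host"] not in seen or ts > seen[m["host"]]:
            seen[m["host"]] = ts
    return seen

def check_sources(lines, expected, now, max_silence):
    """Return (exit_code, message); sources never seen count as silent."""
    seen = last_seen(lines, now.year)
    silent = []
    for host in sorted(expected):
        ts = seen.get(host)
        if ts is None:
            silent.append(f"{host} (never seen)")
        elif now - ts > max_silence:
            minutes = int((now - ts).total_seconds() // 60)
            silent.append(f"{host} (silent {minutes} min)")
    if silent:
        return CRITICAL, "CRITICAL: " + ", ".join(silent)
    return OK, f"OK: all {len(expected)} sources logging"

if __name__ == "__main__":
    code, msg = check_sources(SAMPLE, {"fw01", "web01", "db01"},
                              datetime(2017, 2, 1, 14, 22, 19), timedelta(minutes=15))
    print(msg)
    sys.exit(code)
```

Keeping an explicit list of expected sources is what lets the check flag a source that never sent anything, which a purely log-driven rule cannot see.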