Re: [ossec-list] Log firewall changes
Hi,

I want to get a message, when the ruleset of iptables gets modified. But I see that iptables doesn't log its changes. Or am I wrong?

Thanks!

Regards
Burkhard

On 17.02.2020 at 16:20, dan (ddp) wrote:
> On Mon, Feb 17, 2020 at 9:25 AM Burkhard Schultheis wrote:
> >
> > Hi,
> >
> > I want to get an email from OSSEC when a port is opened or closed in the
> > firewall. Therefore I changed "no_log" in firewall_rules.xml to "log".
> > But the OSSEC failed to start. What's wrong? How to get the desired
> > emails for firewall changes? It's OSSEC v3.3.0 on CentOS 6.10.
> >
>
> What do you mean by "a port is opened or closed in the firewall?" Do
> you mean when a program is listening on a port, or the ruleset is
> modified to allow traffic through a particular port? What type of
> firewall?
>
> I don't think "log" is a valid value for . Just remove the line.
> You can look at the ossec.log on the server for more details as to why
> it's failing.
>
> > Thanks in advance!
> >
> > Regards
> > Burkhard
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to ossec-list+unsubscr...@googlegroups.com.
> > To view this discussion on the web visit
> > https://groups.google.com/d/msgid/ossec-list/359319ec-a624-3014-710b-68b871fa514d%40web.de.
Re: [ossec-list] Log firewall changes
On Mon, Feb 17, 2020 at 9:25 AM Burkhard Schultheis wrote:
>
> Hi,
>
> I want to get an email from OSSEC when a port is opened or closed in the
> firewall. Therefore I changed "no_log" in firewall_rules.xml to "log".
> But the OSSEC failed to start. What's wrong? How to get the desired
> emails for firewall changes? It's OSSEC v3.3.0 on CentOS 6.10.
>

What do you mean by "a port is opened or closed in the firewall?" Do you mean when a program is listening on a port, or the ruleset is modified to allow traffic through a particular port? What type of firewall?

I don't think "log" is a valid value for . Just remove the line. You can look at the ossec.log on the server for more details as to why it's failing.

> Thanks in advance!
>
> Regards
> Burkhard
[ossec-list] Log firewall changes
Hi,

I want to get an email from OSSEC when a port is opened or closed in the firewall. Therefore I changed "no_log" in firewall_rules.xml to "log". But the OSSEC failed to start. What's wrong? How to get the desired emails for firewall changes? It's OSSEC v3.3.0 on CentOS 6.10.

Thanks in advance!

Regards
Burkhard