[ossec-list] Syscheck Database names?
Hi team,

Agents are named like '(agent_name) agent_ip->syscheck', right?

Sometimes I meet with these files in my syscheck folder:

(agent_name) agent_ip->syscheck-registry
.(agent_name) agent_ip->syscheck.cpt

What are they exactly? Are they just internal temporary files? Should I ignore them?

And could someone confirm what name the syscheck database for the server (or manager) should have?

Thanks team!

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Send my own logs to Ossec server
So in that case I don't need to use syslog to read the logs? What do I need to configure in OSSEC to read this file with logs? Can these logs be in any format?

On Monday, January 4, 2016 at 2:50:12 PM UTC+1, dan (ddpbsd) wrote:
> On Mon, Jan 4, 2016 at 8:46 AM, Joao T. <garc...@gmail.com> wrote:
> > Can I feed the OSSEC server with log files, or is it only possible to feed the
> > agents?
>
> If those logfiles exist on the server, the OSSEC processes there
> should be able to read them.
>
> > On Thursday, December 31, 2015 at 11:56:10 AM UTC+1, Alberto Mijares wrote:
> >> You can use syslog. Tell syslogd to write a specific file and ossec
> >> agent to read that file.
> >>
> >> Read about syslog format and protocol, and the man page of the syslog
> >> server in your OS.
> >>
> >> Regards
> >>
> >> Alberto Mijares
> >>
> >> On Thu, Dec 31, 2015 at 5:34 AM, Joao T. <garc...@gmail.com> wrote:
> >> > Hello,
> >> >
> >> > I would like to know if it is possible to send to Ossec server some logs
> >> > created by my own script running in the same hostname as Ossec server?
> >> > To which port should I communicate and what about the message? Can it be
> >> > plain text?
> >> >
> >> > Thank you and happy new year
> >> > Joao
Re: [ossec-list] Send my own logs to Ossec server
Can I feed the OSSEC server with log files, or is it only possible to feed the agents?

On Thursday, December 31, 2015 at 11:56:10 AM UTC+1, Alberto Mijares wrote:
> You can use syslog. Tell syslogd to write a specific file and ossec
> agent to read that file.
>
> Read about syslog format and protocol, and the man page of the syslog
> server in your OS.
>
> Regards
>
> Alberto Mijares
>
> On Thu, Dec 31, 2015 at 5:34 AM, Joao T. <garc...@gmail.com> wrote:
> > Hello,
> >
> > I would like to know if it is possible to send to Ossec server some logs
> > created by my own script running in the same hostname as Ossec server?
> > To which port should I communicate and what about the message? Can it be
> > plain text?
> >
> > Thank you and happy new year
> > Joao
[ossec-list] Send my own logs to Ossec server
Hello,

I would like to know if it is possible to send to Ossec server some logs created by my own script running in the same hostname as Ossec server? To which port should I communicate and what about the message? Can it be plain text?

Thank you and happy new year
Joao
[ossec-list] Re: Can anyone explain the syntax of the file /opt/ossec/queue/syscheck?
Hello, this is an old message but I couldn't find anything newer about the topic.

According to the previous example:

!++ 1486:33188:0:1:a465a2fd02717050ca44d6cc24c5d458:bd37d291ce34e363af853958a31f24c74bd85d4 !1330029335 /opt/syslog-ng/conf/syslog-ng.conf

In what format is the timestamp? How can I decode !1330029335 into a legible date and time?

What do these numbers between the file size and the hash mean: 33188:0:1:

Thanks!

On Wednesday, February 29, 2012 at 6:55:10 AM UTC+1, Marcos wrote:
> Hi,
>
> I find my OSSEC server keeps reporting a file is changed. I checked that file's checksum and timestamp and nothing has changed, as far as I can tell.
>
> When I try to see what is going on inside the file /opt/ossec/queue/syscheck/(ossec_client) 172.30.XX.XXX - syscheck, I find there are 2 entries related to the same object. The first line below should be created first with a +++ at the beginning of that line. Somehow, when the OSSEC server reports there is a change, it creates the last line.
>
> Can anyone explain what is the meaning of +++ !++ and what is the meaning of !132863#281 and !1330029335?
>
> [root@myossec_svr syscheck]# cat (ossec_client) 172.30.XX.XXX -syscheck
> +++1486:33188:0:1:a465a2fd02717050ca44d6cc24c5d458:bd37d291ce34e363af853958a31f241c74bd85d4 !132863#281 /opt/syslog-ng/conf/syslog-ng.conf
> !++1486:33188:0:1:a465a2fd02717050ca44d6cc24c5d458:bd37d291ce34e363af853958a31f241c74bd85d4 !1330029335 /opt/syslog-ng/conf/syslog-ng.conf
>
> Regards,
> Marcos
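Added example, not part of either post and not OSSEC's own code: a small parser for one record of the syscheck queue file quoted above. It assumes the OSSEC 2.x layout, in which the three-character prefix counts recorded changes, the colon-separated fields are size, st_mode (in decimal), uid, gid, MD5 and SHA1, and the number after the second "!" is a Unix epoch timestamp; the name `parse_syscheck_line` is hypothetical.

```python
import re
import stat
from datetime import datetime, timezone

# Record copied from the thread above (the "!++" entry in the cat output).
SAMPLE = ("!++1486:33188:0:1:a465a2fd02717050ca44d6cc24c5d458:"
          "bd37d291ce34e363af853958a31f241c74bd85d4 !1330029335 "
          "/opt/syslog-ng/conf/syslog-ng.conf")

# Assumed layout (OSSEC 2.x):
#   <3-char prefix><size>:<mode>:<uid>:<gid>:<md5>:<sha1> !<epoch> <path>
RECORD = re.compile(
    r"^(?P<prefix>[+!]{3})\s*"
    r"(?P<size>\d+):(?P<mode>\d+):(?P<uid>\d+):(?P<gid>\d+):"
    r"(?P<md5>[0-9a-f]+):(?P<sha1>[0-9a-f]+)\s+"
    r"!(?P<epoch>\d+)\s+(?P<path>.+)$"
)


def parse_syscheck_line(line):
    """Return the decoded fields of one record, or None if it does not match."""
    m = RECORD.match(line.strip())
    if m is None:
        return None  # e.g. a timestamp damaged in the archive ("!132863#281")
    mode = int(m["mode"])
    when = datetime.fromtimestamp(int(m["epoch"]), tz=timezone.utc)
    return {
        "changes_recorded": m["prefix"].count("!"),  # "+++" = 0, "!++" = 1
        "size": int(m["size"]),
        "mode_octal": oct(stat.S_IMODE(mode)),  # permission bits only
        "mode_text": stat.filemode(mode),       # ls-style string
        "uid": int(m["uid"]),
        "gid": int(m["gid"]),
        "md5": m["md5"],
        "sha1": m["sha1"],
        "recorded_utc": when.isoformat(),
        "path": m["path"],
    }


if __name__ == "__main__":
    for key, value in parse_syscheck_line(SAMPLE).items():
        print(f"{key:17} {value}")
```

Under these assumptions, 33188 is the decimal form of octal 100644 (a regular file with rw-r--r-- permissions), and 0 and 1 are the owner's uid and gid.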