[ossec-list] Re: OSSEC log analysis settings for apache access/error.log

2017-07-09 Thread Kazim Koybasi
Thank you for your answers. Now it triggers that rule 31152 normally. I had 
overwritten the rule frequency in local rules and forgot that. Sorry for that 
mistake.

On Thursday, 6 July 2017 23:37:55 UTC+3, Kazim Koybasi wrote:
>
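> I added the config below to etc/shared/agent.conf in the ossec-server home 
> directory, but there are no alerts on the server. What could I need with this 
> configuration?
>
> <agent_config>
>   <localfile>
>     <log_format>apache</log_format>
>     <location>/var/log/httpd/site/site_log</location>
>   </localfile>
> </agent_config>
>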

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [ossec-list] Re: OSSEC log analysis settings for apache access/error.log

2017-07-08 Thread dan (ddp)
On Fri, Jul 7, 2017 at 4:15 AM, Kazim Koybasi wrote:
> Yes, OSSEC mentions the log files and says it is analyzing the log file. I tried
> with the apache log format and without log format settings, and the result is
> the same. What could be a workaround for that?
>

Provide a log sample of a log you expect to fire an alert.

> On Thursday, 6 July 2017 23:37:55 UTC+3, Kazim Koybasi wrote:
>>
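>> I added the config below to etc/shared/agent.conf in the ossec-server home
>> directory, but there are no alerts on the server. What could I need with this
>> configuration?
>>
>> <agent_config>
>>   <localfile>
>>     <log_format>apache</log_format>
>>     <location>/var/log/httpd/site/site_log</location>
>>   </localfile>
>> </agent_config>
>>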


[ossec-list] Re: OSSEC log analysis settings for apache access/error.log

2017-07-07 Thread Jesus Linares
Hi Kazim,


   - Review the ossec.log of your agent: is it monitoring the file? Are 
   there errors?
   - The log file must exist before OSSEC is started.
   - Try with the format "syslog".
   - Copy some logs to /var/ossec/bin/ossec-logtest and check if an alert 
   would be generated.

Just some ideas.

I hope it helps.
Regards.

On Friday, July 7, 2017 at 10:15:02 AM UTC+2, Kazim Koybasi wrote:
>
> Yes, OSSEC mentions the log files and says it is analyzing the log file. I tried 
> with the apache log format and without log format settings, and the result is 
> the same. What could be a workaround for that?
>
> On Thursday, 6 July 2017 23:37:55 UTC+3, Kazim Koybasi wrote:
>>
>> I added the config below to etc/shared/agent.conf in the ossec-server home 
>> directory, but there are no alerts on the server. What could I need with this 
>> configuration?
>>
>> <agent_config>
>>   <localfile>
>>     <log_format>apache</log_format>
>>     <location>/var/log/httpd/site/site_log</location>
>>   </localfile>
>> </agent_config>
>>


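Added example, not part of the original thread and not OSSEC code: a Python sketch of the first two checks suggested in the reply above, comparing the `<localfile>` locations in agent.conf with the files that ossec.log reports as analyzed. The names `localfiles` and `audit` are hypothetical, the "Analyzing file" and ERROR line wording is an assumption about the agent's log, and the sample data in the demo is constructed.

```python
import glob
import re
import xml.etree.ElementTree as ET

# Assumed wording of the logcollector start-up message in ossec.log.
ANALYZING = re.compile(r"Analyzing file: '([^']+)'")


def localfiles(conf_text):
    """Return (log_format, location) for each <localfile> in agent.conf text."""
    # agent.conf may contain several <agent_config> blocks, which is not
    # single-rooted XML, so wrap the text in a dummy root before parsing.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    return [((lf.findtext("log_format") or "").strip(),
             (lf.findtext("location") or "").strip())
            for lf in root.iter("localfile")]


def audit(conf_text, ossec_log_text):
    """Map each path to 'monitored', 'error', 'not_monitored' or 'missing'."""
    lines = ossec_log_text.splitlines()
    analyzed = {m.group(1) for l in lines for m in ANALYZING.finditer(l)}
    result = {}
    for _fmt, location in localfiles(conf_text):
        matches = sorted(glob.glob(location))  # wildcards, e.g. /var/log/httpd/*/*_log
        if not matches:
            result[location] = "missing"        # nothing on disk matches the location
        for path in matches:
            if any("ERROR" in l and f"'{path}'" in l for l in lines):
                result[path] = "error"          # agent reported a problem with the file
            elif path in analyzed:
                result[path] = "monitored"
            else:
                result[path] = "not_monitored"  # on disk, but never picked up at start-up
    return result


if __name__ == "__main__":
    import os, tempfile
    d = tempfile.mkdtemp()                      # constructed sample data
    for name in ("a_log", "b_log"):
        open(os.path.join(d, name), "w").close()
    conf = f"<agent_config><localfile><log_format>apache</log_format><location>{d}/*_log</location></localfile></agent_config>"
    log = f"2017/07/06 23:40:01 ossec-logcollector(1950): INFO: Analyzing file: '{d}/a_log'.\n"
    print(audit(conf, log))
```

A `missing` or `not_monitored` result corresponds to the second item in the list: the file has to exist when the agent starts, so restart the agent once it does.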

[ossec-list] Re: OSSEC log analysis settings for apache access/error.log

2017-07-07 Thread Kazim Koybasi
Yes, OSSEC mentions the log files and says it is analyzing the log file. I tried 
with the apache log format and without log format settings, and the result is 
the same. What could be a workaround for that?

On Thursday, 6 July 2017 23:37:55 UTC+3, Kazim Koybasi wrote:
>
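> I added the config below to etc/shared/agent.conf in the ossec-server home 
> directory, but there are no alerts on the server. What could I need with this 
> configuration?
>
> <agent_config>
>   <localfile>
>     <log_format>apache</log_format>
>     <location>/var/log/httpd/site/site_log</location>
>   </localfile>
> </agent_config>
>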



[ossec-list] Re: OSSEC log analysis settings for apache access/error.log

2017-07-06 Thread Kazim Koybasi
Thanks for the quick response.

The server is running apache. I restarted apache, it shows a log that it monitors 
all apache config, and I connected with my browser and made multiple 404 error 
codes from the same server. The default log level is 7 for ossec. The exact OSSEC 
configuration is like below, and my server hosts 7 vhosts, so there is so much 
log. Can the reason for that be the type of apache server log format? For 
example, my apache has some servers with combined log format and some others with 
common log format.

 /var/log/httpd/*/*_log

On Thursday, 6 July 2017 23:37:55 UTC+3, Kazim Koybasi wrote:
>
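> I added the config below to etc/shared/agent.conf in the ossec-server home 
> directory, but there are no alerts on the server. What could I need with this 
> configuration?
>
> <agent_config>
>   <localfile>
>     <log_format>apache</log_format>
>     <location>/var/log/httpd/site/site_log</location>
>   </localfile>
> </agent_config>
>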
