[ossec-list] for what time ossec save logs?

2015-12-28 Thread Maxim Surdu
Hi everyone, Who can tell me how much time ossec saves my logs? I need to configure or how it is work?, I need ossec to save my logs for minimum 2 years. Any help would be greatly appreciated Thanks, Maxim

Re: [ossec-list] for what time ossec save logs?

2015-12-28 Thread dan (ddp)
On Mon, Dec 28, 2015 at 7:00 AM, Maxim Surdu wrote:
> Hi everyone,
>
> Who can tell me how much time ossec saves my logs? i need to configure or
> how it is work?, i need ossec to save my logs for minimum 2 years.
>
> Any help would be greatly appreciated
>
OSSEC does not currently delete logs.

Re: [ossec-list] Nothing returned (or search expired)

2015-12-28 Thread theresa mic-snare
Hi Vipin, ok, does the tmp directory exist inside your ossec installation? this directory should belong to root:apache or whatever your group for the webserver user is called I had this problem a while ago too, and I think this was my issue along with some missing SELinux permissions... wh

Re: [ossec-list] Nothing returned (or search expired)

2015-12-28 Thread dan (ddp)
On Fri, Dec 25, 2015 at 7:12 AM, Vipin Hooda wrote:
> Hi Dan,
>
> Yes we have log level 7 alerts in OSSEC-WUI but I do not know from where I
> can find PHP error details. So kindly guide.
>
I believe it will be in your webserver's error log.
>
> Regards
> Vipin Hooda
>
> -Original Message--

Re: [ossec-list] Nothing returned (or search expired)

2015-12-28 Thread theresa mic-snare
yeah, check your webserver logs if you see something like this
Warning: opendir(/var/ossec/etc/ossec.conf) [function.opendir]: failed to open dir: Permission denied in /var/www/ossec-wui/lib/os_lib_handle.php on line 94
On Monday, 28 December 2015 16:44:07 UTC+1, dan (ddpbsd) wrote:
> > On F

[ossec-list] Using Regular Expressions in an OSSEC rule

2015-12-28 Thread namobuddhaonion
Hello all and Happy Holidays, I set up a rule to look for logins after hours as follows: authentication 6 pm - 9 am Login after hours 50 USERNAME Ignore USERNAME The first rule tries to pick up all logins after hours, and the subordinate rule tries to stri

[ossec-list] OSSEC regex issues in hostname for custom rule

2015-12-28 Thread Francisco
Hello, I'm having trouble getting Regex to work in the field in my custom OSSEC rule. According to the OSSEC documentation here I should be able to use a regex in the hostname qualifier. When I add any regex value

Re: [ossec-list] OSSEC regex issues in hostname for custom rule

2015-12-28 Thread dan (ddp)
On Dec 28, 2015 3:17 PM, "Francisco" wrote:
>
> Hello,
>
> I'm having trouble getting Regex to work in the field in my custom OSSEC rule. According to the OSSEC documentation here I should be able to use a regex in the hostname qualifier.
>
Despite what the documentation might say, I don't think