I figured this out on my own and thought I would post a response in the
event someone else is confused as I was.
My Application and System Log data was being sent to the OSSEC server;
however, the server was configured as such that the events I was seeing
within the Windows Event Viewer were n
There is a work-around which I have used.
Dan is correct - you can't get to the folder outside of the chroot-ed jail.
You can however, bring the folder in via:
mount --bind /var/ossec/logs /data/logs/ossec
The trick is to bind the directory so the system still thinks it is part of
the jail.
Sort of.
One of the things I did with OSSEC and MySQL - as I had critical tables
that I wanted to know when they were being accessed, was to create a MySQL
trigger that would write a logfile entry anytime the table was accessed with
all the information needed. OSSEC of course picked this up and al
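The OSSEC side of the trigger-to-logfile approach described above, as an added example that is not the poster's configuration. It assumes the trigger appends one line per row change (INSERT, UPDATE or DELETE, the statements a MySQL trigger can fire on) to /var/log/mysql/table_audit.log in the constructed format shown in the comment; the file path, decoder name, field layout and rule IDs 100200-100202 are all assumptions for illustration. The trigger itself is not shown.

```xml
<!-- Added example, not from the original thread.
     Constructed sample line the trigger is assumed to write:
     2013-05-01 10:22:31 table_audit: user=app@10.0.0.5 table=customers op=DELETE id=4711 -->

<!-- 1. ossec.conf on the database host: collect the audit file.
        "syslog" is OSSEC's generic one-event-per-line format. -->
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/mysql/table_audit.log</location>
  </localfile>
</ossec_config>

<!-- 2. etc/local_decoder.xml on the server: pull out who, which table, what. -->
<decoder name="mysql-table-audit">
  <prematch>table_audit: </prematch>
  <regex offset="after_prematch">^user=(\S+) table=(\S+) op=(\w+)</regex>
  <order>srcuser, extra_data, action</order>
</decoder>

<!-- 3. rules/local_rules.xml on the server (IDs 100000-109999 are reserved for local rules). -->
<group name="local,mysql,">
  <!-- Base rule: every audited change is alerted at a low level. -->
  <rule id="100200" level="5">
    <decoded_as>mysql-table-audit</decoded_as>
    <description>Audited MySQL table modified.</description>
  </rule>

  <!-- Deletes from a critical table deserve a higher level on their own. -->
  <rule id="100201" level="10">
    <if_sid>100200</if_sid>
    <action>DELETE</action>
    <description>Row deleted from an audited MySQL table.</description>
  </rule>

  <!-- Many changes in a short window: bulk tampering or a runaway script. -->
  <rule id="100202" level="10" frequency="20" timeframe="60">
    <if_matched_sid>100200</if_matched_sid>
    <description>Burst of changes to audited MySQL tables within 60 seconds.</description>
  </rule>
</group>
```

After adding the decoder and rules, run /var/ossec/bin/ossec-logtest and paste the sample line to confirm it decodes as mysql-table-audit and fires rule 100201 before restarting the server. Keep the audit file writable only by the MySQL service account, since a log the database writer can also truncate tells you little about tampering.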
I have OSSEC up and running and generating alerts; however, it seems
messages from within the Application and System Event Viewer logs are not
being passed to the server, or at least I am not seeing the informational
messages within the logs on the server-side.
My Windows agent ossec.conf does c
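The configuration the question and the first reply are talking about, as an added example rather than either poster's ossec.conf. The agent fragment forwards the Application and System channels; the server fragments show the two usual reasons informational events never appear in alerts.log even though they arrive: they are only written when a rule fires at or above log_alert_level (default 1), and the stock Windows rule for informational events is level 0. The local rule ID 100300 is an assumption; check the ID of the informational rule in your installed rules directory before overriding it.

```xml
<!-- Added example, not the poster's configuration. -->

<!-- Windows agent, ossec.conf: one <localfile> per event log channel. -->
<ossec_config>
  <localfile>
    <location>Application</location>
    <log_format>eventlog</log_format>
  </localfile>
  <localfile>
    <location>System</location>
    <log_format>eventlog</log_format>
  </localfile>
  <localfile>
    <location>Security</location>
    <log_format>eventlog</log_format>
  </localfile>
</ossec_config>

<!-- Server, ossec.conf: events reach the server but are only logged when a
     rule fires at or above log_alert_level. Setting logall writes every
     received event to logs/archives/archives.log regardless of rule level,
     which is the quickest way to prove the agent is actually sending. -->
<ossec_config>
  <global>
    <logall>yes</logall>
  </global>
  <alerts>
    <log_alert_level>1</log_alert_level>
  </alerts>
</ossec_config>

<!-- Server, rules/local_rules.xml: the shipped Windows rule set classifies
     informational events under a level 0 rule (18101 in the stock files),
     so nothing is alerted. A local child rule raises them to level 3. -->
<group name="local,windows,">
  <rule id="100300" level="3">
    <if_sid>18101</if_sid>
    <description>Windows informational event, raised from level 0 so it is alerted.</description>
  </rule>
</group>
```

Restart the agent after editing its ossec.conf and confirm with /var/ossec/bin/agent_control -l that it shows as active; then tail logs/archives/archives.log on the server while generating a test event on the Windows host. Raising every informational event to an alert is noisy, so once the pipeline is proven it is usually better to drop logall and write targeted local rules keyed on the specific event IDs you care about.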