On Tue, Jan 11, 2011 at 5:40 PM, Patrick Melvin
wrote:
> Adjusted the level for rootcheck/syscheck rules to 15 and I have in my
> ossec.conf to only log level 15 rules that trip. Would I throw all
> rules I need to modify into local_rules.xml? Will local_rules.xml
> take priority over a duplicat
Adjusted the level for rootcheck/syscheck rules to 15 and I have in my
ossec.conf to only log level 15 rules that trip. Would I throw all
rules I need to modify into local_rules.xml? Will local_rules.xml
take priority over a duplicate rule found in ossec_rules.xml?
Thanks,
Patrick
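The question above, which rule file wins and which rules then clear the ossec.conf thresholds, can be answered mechanically. The following checker is an added example and is not code from the thread or from the OSSEC project. It models the documented OSSEC rule attribute `overwrite="yes"` (a local rule that repeats a stock rule id with this attribute supersedes it), flags any local rule that reuses an id without that attribute instead of applying it, and then compares the effective levels against `<alerts><log_alert_level>` and `<syslog_output><level>`. Because ossec-csyslogd forwards what lands in alerts.log, a rule whose level clears the syslog level but not log_alert_level is never forwarded; the checker reports those too. All three XML snippets are constructed samples, and the rule levels in them are illustrative rather than OSSEC's shipped values.

```python
import xml.etree.ElementTree as ET

# Constructed stand-in for a slice of ossec_rules.xml (levels are illustrative).
BASE_RULES = """<group name="ossec,">
  <rule id="510" level="7">
    <if_sid>509</if_sid>
    <description>Host-based anomaly detection event (rootcheck).</description>
  </rule>
  <rule id="550" level="7">
    <category>ossec</category>
    <decoded_as>syscheck_integrity_changed</decoded_as>
    <description>Integrity checksum changed.</description>
  </rule>
  <rule id="554" level="7">
    <category>ossec</category>
    <decoded_as>syscheck_new_entry</decoded_as>
    <description>File added to the system.</description>
  </rule>
</group>"""

# Constructed local_rules.xml: 510 and 550 are raised to 15 with overwrite="yes";
# 554 repeats the stock id without overwrite, so the checker flags it.
LOCAL_RULES = """<group name="local,">
  <rule id="510" level="15" overwrite="yes">
    <if_sid>509</if_sid>
    <description>Rootcheck anomaly, raised to 15 locally.</description>
  </rule>
  <rule id="550" level="15" overwrite="yes">
    <category>ossec</category>
    <decoded_as>syscheck_integrity_changed</decoded_as>
    <description>Syscheck change, raised to 15 locally.</description>
  </rule>
  <rule id="554" level="15">
    <category>ossec</category>
    <decoded_as>syscheck_new_entry</decoded_as>
    <description>Copy of 554 without overwrite (flagged by the checker).</description>
  </rule>
</group>"""

# Constructed ossec.conf fragment: only level 15 alerts are written to alerts.log,
# while csyslogd is configured (pointlessly, as shown below) to forward from level 7.
OSSEC_CONF = """<ossec_config>
  <alerts>
    <log_alert_level>15</log_alert_level>
  </alerts>
  <syslog_output>
    <server>192.0.2.10</server>
    <level>7</level>
  </syslog_output>
</ossec_config>"""


def parse_rules(xml_text):
    """Map rule id -> {level, overwrite, description} for every <rule> in a rules file."""
    rules = {}
    for rule in ET.fromstring(xml_text).iter("rule"):
        rules[int(rule.get("id"))] = {
            "level": int(rule.get("level", "0")),
            "overwrite": rule.get("overwrite", "no").lower() == "yes",
            "description": rule.findtext("description", default=""),
        }
    return rules


def merge_rules(base, local):
    """Apply local rules over base rules.

    A local rule carrying overwrite="yes" replaces the stock rule with the same id.
    A local rule that reuses a stock id without overwrite is recorded as a collision
    and left unapplied (checker policy), so the stock level stays in force.
    """
    merged = {rid: dict(r) for rid, r in base.items()}
    collisions = []
    for rid, rule in local.items():
        if rid in base and not rule["overwrite"]:
            collisions.append(rid)
            continue
        merged[rid] = dict(rule)
    return merged, sorted(collisions)


def parse_thresholds(conf_text):
    """Return (log_alert_level, syslog_output level) from an ossec.conf fragment."""
    root = ET.fromstring(conf_text)
    log_level = int(root.findtext("alerts/log_alert_level", default="1"))
    syslog_level = int(root.findtext("syslog_output/level", default="1"))
    return log_level, syslog_level


def classify(merged, log_level, syslog_level):
    """Rule ids written to alerts.log, and the subset csyslogd would forward."""
    logged = sorted(rid for rid, r in merged.items() if r["level"] >= log_level)
    forwarded = [rid for rid in logged if merged[rid]["level"] >= syslog_level]
    return logged, forwarded


def unreachable(merged, log_level, syslog_level):
    """Rules that clear the syslog level but never reach alerts.log, so are never forwarded."""
    return sorted(rid for rid, r in merged.items() if syslog_level <= r["level"] < log_level)


if __name__ == "__main__":
    merged, collisions = merge_rules(parse_rules(BASE_RULES), parse_rules(LOCAL_RULES))
    log_level, syslog_level = parse_thresholds(OSSEC_CONF)
    logged, forwarded = classify(merged, log_level, syslog_level)
    print("collisions (add overwrite=\"yes\" or drop):", collisions)
    print("logged:", logged, "forwarded:", forwarded)
    print("never forwarded (below log_alert_level):", unreachable(merged, log_level, syslog_level))
```

Run against real files by replacing the three constants with the contents of ossec_rules.xml, local_rules.xml and ossec.conf; the collision list is the set of local rules that will not take effect as written, and the last line shows why raising the rule level without also checking log_alert_level can leave csyslogd with nothing to send.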
On Tue, Jan 1
On Tue, Jan 11, 2011 at 5:13 PM, Patrick Melvin
wrote:
> Hi Dan, as I was typing answers to your questions, I investigated
> something and found the issue. When I performed a re-install to
> increase the max agents, I told ossec not to overwrite the existing
> rules (as I had made modifications t
Hi Dan, as I was typing answers to your questions, I investigated
something and found the issue. When I performed a re-install to
increase the max agents, I told ossec not to overwrite the existing
rules (as I had made modifications to ossec_rules.xml). I looked at
that file and it had been set b
On Tue, Jan 11, 2011 at 3:24 PM, Patrick Melvin
wrote:
> Hi Dan, thanks for the help.
>
> Q: Are you receiving alert emails?
> A: No, I don't have that configured.
>
So it's entirely possible there are no alerts being generated.
> Q: What are the permissions for /var/ossec/log?
> A: drwxr-x---
Hi Dan, thanks for the help.
Q: Are you receiving alert emails?
A: No, I don't have that configured.
Q: What are the permissions for /var/ossec/log?
A: drwxr-x--- 5 ossec ossec 4096 2011-01-05 09:21 logs
Q: What are the permissions for the files within /var/ossec/log?
A:
$ sudo ls -l /var/o
Hi Patrick,
On Tue, Jan 11, 2011 at 11:54 AM, Patrick Melvin
wrote:
> Hello, I've run into another issue after "resolving" the last one.
> The OSSEC server is not sending logs remotely to a log collector.
> ossec-csyslogd shows in the logs that it starts ok, and is configured
> to forward logs vi
Hello, I've run into another issue after "resolving" the last one.
The OSSEC server is not sending logs remotely to a log collector.
ossec-csyslogd shows in the logs that it starts ok, and is configured
to forward logs via syslog to the IP address specified in the
ossec.conf. I've verified that th