Hi Martin,
It seems that you want some kind of reporting, instead of a rule. Have you tried the ossec_report tool in the contrib directory? For example, if you want to get a list of all the user names that failed login during the day, try:
# cat /var/ossec/logs/alerts/alerts.log |grep -E
"\*\*.*
Nice ! I needed that...
thanks
2008/11/19 Daniel Cid <[EMAIL PROTECTED]>:
>
> Hi Martin,
>
> It seems that you want some kind of reporting, instead of rule. Have
> you tried the ossec_report tool in
> the contrib directory? For example, if you want to get a list of all
> the user names that fail
I get a permission denied when running this? Any thoughts:
cat /var/ossec/logs/alerts/2008/Nov/ossec-alerts-20.log |grep -E
"\*\*.*authentication_failed" -A 6 | ./ossec_report_contrib.pl -t user
I get: -bash: /var/ossec/logs/alerts/2008/Nov/ossec-alerts-20.log: Permission denied
- Derek M
Does the user running the command have read permission for the log file? Sounds
like the problem to me.
Jon
On Thu, Nov 20, 2008 at 08:00:32AM -0500, Derek J. Morris wrote:
>
> I get a permission denied when running this? Any thoughts:
>
> cat /var/ossec/logs/alerts/2008/Nov/ossec-alerts-20.lo
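
The per-user report of failed logins discussed in this thread, as an added example that is not part of the original messages and is not the contrib script: a shell function that checks the alert file is readable (the cause of the "Permission denied" above) and then tallies the `User:` field of every `authentication_failed` alert. The function names, the sample alerts and the assumed alert layout (a `** Alert` header listing the groups, followed by a `User:` line) are constructed for illustration.

```shell
# Constructed sample in the assumed alerts.log layout (not real log data).
sample_alerts() {
cat <<'EOF'
** Alert 1227186032.1001: - syslog,sshd,authentication_failed,
2008 Nov 20 08:00:32 web01->/var/log/secure
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
User: root
Nov 20 08:00:31 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 4022 ssh2

** Alert 1227186040.1350: - syslog,sshd,authentication_success,
2008 Nov 20 08:00:40 web01->/var/log/secure
Rule: 5715 (level 3) -> 'SSHD authentication success.'
Src IP: 192.0.2.77
User: deploy
Nov 20 08:00:40 web01 sshd[2230]: Accepted password for deploy from 192.0.2.77 port 5110 ssh2

** Alert 1227186055.1702: - syslog,sshd,authentication_failed,
2008 Nov 20 08:00:55 web01->/var/log/secure
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
User: admin
Nov 20 08:00:54 web01 sshd[2240]: Failed password for admin from 192.0.2.10 port 4031 ssh2

** Alert 1227186061.2054: - syslog,sshd,authentication_failed,
2008 Nov 20 08:01:01 web01->/var/log/secure
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
User: root
Nov 20 08:01:00 web01 sshd[2251]: Failed password for root from 192.0.2.10 port 4040 ssh2
EOF
}

# failed_users FILE: print "<count> <user>" per failed login, most frequent first.
failed_users() {
    if [ ! -r "$1" ]; then
        echo "cannot read $1: check owner, group and mode with ls -l" >&2
        return 1
    fi
    # Only the User: line of an alert whose header lists authentication_failed
    # is counted; "(none)" is assumed to be the placeholder for a missing user.
    awk '
        /^\*\* Alert /        { in_fail = ($0 ~ /authentication_failed/); next }
        in_fail && /^User: /  { if ($2 != "(none)") count[$2]++; in_fail = 0 }
        END                   { for (u in count) print count[u], u }
    ' "$1" | sort -k1,1nr -k2,2
}
```

Run `failed_users` as an account that already has read access to the alert file, so the file's restrictive permissions stay as they are.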