Dumb question in return: If the network is down, how is it going to
notify you?
It will notify when link comes back?
You probably want one or more external boxes monitoring connectivity and
let them send messages. Nagios?
This is used for audit purposes.
--
Eero
So how are those rules coming?
On Thu, Sep 8, 2011 at 12:05 AM, Eero Volotinen eero.voloti...@iki.fi wrote:
Dumb question in return: If the network is down, how is it going to
notify you?
It will notify when link comes back?
You probably want one or more external boxes monitoring
Hi List,
I want alert to ossec when linux interface (ethernet) link goes down ?
How to do this?
--
Eero
Try adding an OSSEC localfile full_command directive using one of the
following commands listed in this thread (basically, ethtool or mii-tool):
http://lists.samba.org/archive/linux/2006-June/015442.html
On Wed, Sep 7, 2011 at 7:10 AM, Eero Volotinen eero.voloti...@iki.fiwrote:
Hi List,
I
2011/9/7 Jeremy Lee jpl...@gmail.com:
Try adding an OSSEC localfile full_command directive using one of the
following commands listed in this thread (basically, ethtool or mii-tool):
http://lists.samba.org/archive/linux/2006-June/015442.html
Sounds like bad solution? I think message link up
On Wed, Sep 7, 2011 at 1:32 PM, Eero Volotinen eero.voloti...@iki.fi wrote:
2011/9/7 Jeremy Lee jpl...@gmail.com:
Try adding an OSSEC localfile full_command directive using one of the
following commands listed in this thread (basically, ethtool or mii-tool):
Your intention, though, is to essentially alert you when the link status
changes no? full_command works very well for this purpose. Otherwise, if you
can figure out how to do it with the log file, by all means...
On Wed, Sep 7, 2011 at 10:32 AM, Eero Volotinen eero.voloti...@iki.fiwrote:
2011/9/7 Jeremy Lee jpl...@gmail.com:
Your intention, though, is to essentially alert you when the link status
changes no? full_command works very well for this purpose. Otherwise, if you
can figure out how to do it with the log file, by all means...
Yes, it's important to detect when links
You wouldn't actually use sudo when specifying in the full_command
directive. OSSEC will run as root, so all you have to do is put the command
itself in and it will work.
On Wed, Sep 7, 2011 at 11:34 AM, Eero Volotinen eero.voloti...@iki.fiwrote:
2011/9/7 Jeremy Lee jpl...@gmail.com:
Your
And just make sure you use the full path of the command, to be safe. So if
it's ethtool - /sbin/ethtool or /usr/sbin/ethtool or whatever
It should look something like this:
localfile
log_formatfull_command/log_format
command/sbin/ethtool eth0 | grep Link/command
/localfile
On
To take it a step further, setup the alert (this may or may not work -
haven't tested it... you may have to tweak some things):
rule id=30 level=15
if_sid530/if_sid
matchossec: output: '/sbin/ethtool eth0 | grep Link':/match
regexLink detected: no/regex
descriptionEth link
On 09/07/2011 09:10 AM, Eero Volotinen wrote:
Hi List,
I want alert to ossec when linux interface (ethernet) link goes down ?
How to do this?
--
Eero
Dumb question in return: If the network is down, how is it going to
notify you?
You probably want one or more external boxes monitoring
12 matches
Mail list logo