store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Sun Nov 23, 2014 4:54 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: Regding OSSEC
Unread postPosted: Fri May 04, 2012 5:50 am 
Offline
New Forum User
New Forum User

Joined: Fri May 04, 2012 5:48 am
Posts: 3
Location: INDIA
FYI...

Installed OSSEC server version 2.6 in Cent OS 6.2 and agents are web servers

installed in chroot environment.


In ossec.conf file, added below configuration in both server and agent.

<localfile>
<log_format>syslog</log_format>
<location>/chroot/site/usr/local/apache/logs/error_log</location>
</localfile>


Already in decoder.xml and in rules folder apache related configuration is set

by default.


Problem : Ossec is not working for apache logs, not even generating

mails related to Apache errors , rest of the ossec part is working as needed.

Please guide me what has to be done to solve the issue.


Top
 Profile  
 
 Post subject: Re: Regding OSSEC
Unread postPosted: Fri May 04, 2012 2:57 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7956
Location: earth
Oh easy one there, you've got the wrong log type specified. Change that from "syslog" to "apache"


Top
 Profile  
 
 Post subject: Re: Regding OSSEC
Unread postPosted: Sat May 05, 2012 2:02 pm 
Offline
New Forum User
New Forum User

Joined: Fri May 04, 2012 5:48 am
Posts: 3
Location: INDIA
Even i tried the same , but didn't get the required output.

FYI...
Moreover ossec server and apache (web servers are agents) are installed in separate machines.


Top
 Profile  
 
 Post subject: Re: Regding OSSEC
Unread postPosted: Mon May 07, 2012 9:33 am 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7956
Location: earth
Not sure whats going on there then, thats definitely the right syntax though. We use it all over the place.


Top
 Profile  
 
 Post subject: Re: Regding OSSEC
Unread postPosted: Mon May 07, 2012 11:55 pm 
Offline
New Forum User
New Forum User

Joined: Fri May 04, 2012 5:48 am
Posts: 3
Location: INDIA
Can you please tell me what has to cross checked to make it work as required.


Top
 Profile  
 
 Post subject: Re: Regding OSSEC
Unread postPosted: Tue May 08, 2012 10:18 am 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7956
Location: earth
Sure, here is an example:
Code:
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/httpd/access_log</location>
  </localfile>


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group