Thank you for the explanation, everything is clear and working as expected.
Post by 700 grm:
In this situation, can we install OSSEC Server and a syslog backup server on the
same machine?
Or will it create a lot of issues: double alerts > it will analyse the
same /var/log/messages on client and server side?
If OSSEC monitors the file syslogd saves the remote log messages to,
you'll get doubled up alerts.
If you want to do both on the same machine, you'll want to save the
messages to files that OSSEC isn't monitoring.
Post by 700 grm:
Thx in advance
Post by 700 grm:
Thank you for your prompt response.
1. How can I turn on the logall feature on the OSSEC client?
It's a server side setting, not a client side.
http://www.ossec.net/docs/syntax/head_ossec_config.global.html?highlight=logall#element-logall
Post by 700 grm:
2. Does it mean that the OSSEC client can collect all system logs from
/var/log/, forward them to an OSSEC server and store them in
/var/ossec/logs/archive/archives.log?
Post by dan (ddp):
Correct. Anything the agent sends to the server will be logged in the
archives log.
Post by 700 grm:
Thx in advance
V
Post by 7***@gmail.com:
Hi,
I am new to OSSEC. I am confused about forwarding logs.
Does the OSSEC client collect logs from /var/log/messages and
forward them to the OSSEC server's /var/log/messages? Or should log
forwarding be configured in rsyslog on Red Hat to forward all logs to an rsyslog
server?
Post by dan (ddp):
OSSEC does not write to /var/log/messages. It can store all logs it
receives in /var/ossec/logs/archive/archives.log, if you turn on the
logall feature.
But if you want a syslog backup of log messages, you'll have to
configure your syslogd to do it for you.
Post by 7***@gmail.com:
Thx in advance
Regards
V
--
---
You received this message because you are subscribed to the Google
Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it,
For more options, visit https://groups.google.com/d/optout.
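An added example (not from the thread or the OSSEC project): a Python check for the doubled-alert case discussed above, listing files that rsyslog writes received messages to and that OSSEC also monitors through a `<localfile>` entry. The sample ossec.conf and rsyslog rules are constructed, the function names are hypothetical, and only static omfile `file="..."` targets are handled.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Constructed sample of a server-side ossec.conf (not taken from the thread).
OSSEC_CONF = """
<ossec_config>
  <global>
    <logall>yes</logall>
  </global>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>
</ossec_config>
"""

# Constructed rsyslog rules deciding where received remote messages are saved.
RSYSLOG_BAD = 'if $fromhost-ip != "127.0.0.1" then action(type="omfile" file="/var/log/messages")'
RSYSLOG_GOOD = 'if $fromhost-ip != "127.0.0.1" then action(type="omfile" file="/var/log/remote/messages")'

def _parse(ossec_conf):
    # ossec.conf may contain several <ossec_config> blocks, so wrap them in one root.
    return ET.fromstring("<root>" + ossec_conf + "</root>")

def logall_enabled(ossec_conf):
    """True when the server archives everything it receives (logall = yes)."""
    return any((e.text or "").strip() == "yes" for e in _parse(ossec_conf).iter("logall"))

def monitored_locations(ossec_conf):
    # Only <location> inside <localfile>; active-response reuses the tag name.
    locs = (lf.findtext("location", "") for lf in _parse(ossec_conf).iter("localfile"))
    return [loc.strip() for loc in locs if loc.strip()]

def rsyslog_targets(rsyslog_conf):
    # Static omfile targets only; dynaFile templates are not resolved here.
    return re.findall(r'type="omfile"[^)]*?\bfile="([^"]+)"', rsyslog_conf)

def doubled_up(ossec_conf, rsyslog_conf):
    """Files syslogd writes that OSSEC also monitors (glob locations included)."""
    return sorted({t for t in rsyslog_targets(rsyslog_conf)
                   for loc in monitored_locations(ossec_conf)
                   if fnmatch.fnmatch(t, loc)})
```
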