Regarding OSSEC

 
05-07-2012

FYI...

Installed OSSEC server version 2.6 on CentOS 6.2, and the agents are web servers installed in a chroot environment.

Moreover, the OSSEC server and Apache (the web servers are agents) are installed on separate machines.


In the ossec.conf file, I added the configuration below on both the server and the agent.

<localfile>
<log_format>syslog</log_format>
<location>/chroot/site/usr/local/apache/logs/error_log</location>
</localfile>


The Apache-related configuration is already set by default in decoder.xml and in the rules folder.


Problem: OSSEC is not working for Apache logs and is not even generating mails related to Apache errors; the rest of OSSEC is working as needed.

Please guide me on what has to be done to solve the issue.
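
A diagnostic sketch for the setup described in this post, added here as an example and not part of the original thread: it lists every `<localfile>` entry in an ossec.conf and reports whether the configured path exists and is readable on the machine where the script runs, which is where OSSEC's logcollector opens the file. The function names and the sample config and paths in `demo()` are constructed for illustration.

```python
import glob
import os
import re
import tempfile
import xml.etree.ElementTree as ET


def localfile_entries(conf_text):
    """Return (log_format, location) for each <localfile> block."""
    # ossec.conf may hold several <ossec_config> roots, so wrap the text
    # in a synthetic root element to make it parseable as one document.
    body = re.sub(r"<\?xml[^>]*\?>", "", conf_text)
    root = ET.fromstring("<wrapper>" + body + "</wrapper>")
    return [((lf.findtext("log_format") or "").strip(),
             (lf.findtext("location") or "").strip())
            for lf in root.iter("localfile")]


def check_entries(conf_text):
    """Map each configured location to 'ok', 'missing' or 'unreadable'."""
    status = {}
    for _fmt, location in localfile_entries(conf_text):
        matches = glob.glob(location)  # plain paths and shell wildcards
        if not matches:
            status[location] = "missing"
        elif all(os.access(m, os.R_OK) for m in matches):
            status[location] = "ok"
        else:
            status[location] = "unreadable"
    return status


def demo():
    """Constructed sample: one readable file, one path absent on this host."""
    with tempfile.TemporaryDirectory() as tmp:
        present = os.path.join(tmp, "error_log")
        open(present, "w").close()
        entry = ("<ossec_config><localfile><log_format>syslog</log_format>"
                 "<location>%s</location></localfile></ossec_config>\n")
        conf = entry % present + entry % os.path.join(tmp, "absent", "error_log")
        return sorted(check_entries(conf).values())


if __name__ == "__main__":
    print(demo())
```

Pass the text of the ossec.conf on each host to `check_entries()`; an entry that points at the agent's chroot path reports `missing` on a machine where that path does not exist.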