Regarding OSSEC

 
# 1  
Old 05-07-2012

FYI...

Installed OSSEC server version 2.6 on CentOS 6.2, and the agents are web servers installed in a chroot environment.

Moreover, the OSSEC server and Apache (the web servers are agents) are installed on separate machines.


In the ossec.conf file, added the configuration below on both the server and the agent.

<localfile>
<log_format>syslog</log_format>
<location>/chroot/site/usr/local/apache/logs/error_log</location>
</localfile>


The Apache-related configuration is already set by default in decoder.xml and in the rules folder.


Problem: OSSEC is not working for Apache logs and is not even generating mails related to Apache errors; the rest of OSSEC is working as needed.

Please guide me what has to be done to solve the issue.
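
A check that could be run on the agent for the setup described above, as an added example that is not part of the original post: it lists each `<localfile>` path from ossec.conf, reports whether the file exists, is readable and is non-empty, and whether ossec.log shows logcollector opening it. The function names, sample config and log line are constructed, and the `Analyzing file` message text is an assumption about logcollector's startup output.

```shell
#!/bin/sh
# Added example, not from the thread. Run it on the agent, where the log lives.

# Print the <location> of every <localfile> block in an ossec.conf.
# Only <localfile> is read, because <active-response> also has a <location>.
localfile_paths() {
    awk '
        /<localfile>/ { in_lf = 1 }
        in_lf && match($0, /<location>[^<]*<\/location>/) {
            print substr($0, RSTART + 10, RLENGTH - 21)
        }
        /<\/localfile>/ { in_lf = 0 }
    ' "$1"
}

# Classify one monitored path as MISSING, UNREADABLE, EMPTY or OK.
path_status() {
    if   [ ! -e "$1" ]; then echo MISSING
    elif [ ! -r "$1" ]; then echo UNREADABLE
    elif [ ! -s "$1" ]; then echo EMPTY
    else echo OK
    fi
}

# Succeed if ossec.log ($1) has "Analyzing file: '<path>'" (assumed text) for $2.
collector_opened() {
    grep -F -q "Analyzing file: '$2'" "$1"
}

# Print "status<TAB>opened<TAB>path" per file. $1 = ossec.conf, $2 = ossec.log
report() {
    localfile_paths "$1" | while IFS= read -r p; do
        if collector_opened "$2" "$p"; then seen=yes; else seen=no; fi
        printf '%s\t%s\t%s\n' "$(path_status "$p")" "$seen" "$p"
    done
}

# Constructed sample: one log that exists, one that does not.
demo() {
    d=$(mktemp -d) && printf '[error] sample\n' > "$d/error_log"
    printf '%s\n' '<ossec_config>' \
        "<localfile><log_format>syslog</log_format><location>$d/error_log</location></localfile>" \
        '<active-response><location>local</location></active-response>' \
        "<localfile><location>$d/missing_log</location></localfile>" \
        '</ossec_config>' > "$d/ossec.conf"
    echo "ossec-logcollector: INFO: Analyzing file: '$d/error_log'." > "$d/ossec.log"
    report "$d/ossec.conf" "$d/ossec.log"; rm -rf "$d"
}
if [ $# -gt 0 ]; then report "$@"; else demo; fi
```

Saved under a hypothetical name such as check_localfiles.sh, it takes the agent's ossec.conf and ossec.log as its two arguments; a MISSING or UNREADABLE status is judged from the point of view of the user running the script, so run it as the account the collector uses.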
JAILER(5)                    File Formats Manual                    JAILER(5)

NAME
       jailer.conf - configuration file of jailer

SYNOPSIS
       jailer.conf

DESCRIPTION
       jailer is a script for creating chrooted environments for Debian packages. jailer.conf is the configuration file for jailer.

       Every configuration definition has to start and end with a jail identifier, which should be unique and be in brackets. For example, an Apache chroot identifier should look like this:

              <apache>
              </apache>

       The identifier needs to be closed. The configuration for the chroot instance is defined inside these identifiers. The following lines can be used to describe the configuration:

       Root: /var/chroot/apache
              This line describes the PATH of the chrooted environment.

       Conf:  This line describes the PATH or PATH/filename which should be copied over to the chrooted environment. For example, Conf: /etc/apache/* uses a wildcard.

       Debs:  This line contains the names of those Debian packages which should be installed into the chrooted environment.

       Junk-Debs:
              This line contains those deb packages which should not be installed into the chrooted environment.

       Junk:  This line contains those files or directories which should not be installed. For example, /lib/* means all files and links under /lib should not be installed, while /lib/libconsole.so.0.0.0 means a file which should not be installed.

       Extra: This line contains those files or directories which should be installed into the chrooted environment. For example, /var/run will install a directory which is needed for the chrooted service.

WARNING
       Do not configure your daemon inside your jail, because the updatejail script will wipe out all the data inside the jail. If you want to change any settings inside the jail, make the changes in the original location and then run updatejail. This makes it possible to place a jail even on a ramdisk.

SEE ALSO
       updatejail(8), jailer.conf(5), dpkg(8)

AUTHOR
       This manual page was written by Peter Holtzl <peter.holtzl@balabit.hu>.

                             December 4, 2001                       JAILER(5)