[ossec-list] Re: Stupid newbie question.
Hi Brian,

It is not a stupid question at all and I am constantly asked about it. If you
configured your e-mail correctly, you will receive e-mails for any relevant
alert (level >= 7). The lower severity alerts will not be e-mailed by default,
but you can look at them at /var/ossec/logs/alerts/2006/Aug/*.log
(where 2006 and Aug are the current year and month). So you
would need to manually look at them or configure ossec to e-mail
all alerts (which can be painful to look at sometimes).

If you create a link to the logs directory from your web server, you will
certainly be able to see them, but just make sure to configure some
password authentication :)

*We are working on a user interface for ossec that would help solve
this kind of problem... Stay tuned.

--
Daniel B. Cid
dcid ( at ) ossec.net
On 8/2/06, Brian Avis <brian@xxxxxxxxxx> wrote:
Okay... I just installed ossec on a Linux box (as the server) and one
Windows box (as an agent). It appears to be up and running on both
machines.

Now for the stupid question. How do I view the alerts? Do I just wait
for e-mail from ossec agents? Do I manually have to go through the text
log files that ossec keeps? Is there something important I am missing?
Or could I just create a link to the logs directory in my web server dir
and view them that way?

--
Brian Avis
SEARHC Medical Clinic
Juneau, AK 99801
(907) 463-4049
Have a nice diurnal anomaly!
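
Added example, not part of the original thread or of OSSEC itself: a shell function that summarises the alerts below the e-mail threshold mentioned in the reply (level < 7) so they can be reviewed without reading the log files line by line. It assumes each alert in the log has a line of the form `Rule: <id> (level <n>) -> '<description>'`; the function names and the sample alerts are constructed for illustration.

```shell
#!/bin/sh
# low_alerts THRESHOLD [FILE...]
# Counts alerts whose level is below THRESHOLD, grouped by rule.
# Output (tab-separated): count, level, rule id, description.
# Assumption: every alert has a "Rule: <id> (level <n>) -> '<desc>'" line.
low_alerts() {
    threshold=$1; shift
    awk -v max="$threshold" '
        /^Rule: [0-9]+ \(level [0-9]+\) -> / {
            id = $2
            level = $4; sub(/\)$/, "", level)      # "5)" -> "5"
            if (level + 0 >= max + 0) next         # already e-mailed, skip
            desc = $0; sub(/^[^>]*> /, "", desc)   # keep text after "-> "
            count[level "\t" id "\t" desc]++
        }
        END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' "$@" | sort -t "$(printf '\t')" -k1,1nr -k2,2nr -k3,3n
}

# Constructed sample alerts (not real log data) for an offline run.
sample_alerts() {
    cat <<'EOF'
** Alert 1154540001.100:
2006 Aug 02 10:00:01 host->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Aug  2 10:00:01 host sshd[1]: Failed password for root from 192.0.2.10

** Alert 1154540002.300:
2006 Aug 02 10:00:02 host->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Aug  2 10:00:02 host sshd[2]: Failed password for root from 192.0.2.10

** Alert 1154540003.500:
2006 Aug 02 10:00:03 host->/var/log/messages
Rule: 1002 (level 2) -> 'Unknown problem somewhere in the system.'
Aug  2 10:00:03 host app: error while starting

** Alert 1154540004.700:
2006 Aug 02 10:00:04 host->/var/log/auth.log
Rule: 5712 (level 10) -> 'SSHD brute force trying to get access to the system.'
Aug  2 10:00:04 host sshd[3]: Failed password for root from 192.0.2.10
EOF
}

# Demo: the level 10 alert is left out because it is at or above 7.
sample_alerts | low_alerts 7
```

On the server, pass the log files named in the reply instead of the sample, for example `low_alerts 7 /var/ossec/logs/alerts/2006/Aug/*.log`.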
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.