[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: New to ossec

To: ossec-list@xxxxxxxxxxxxxxxx, Bubbacheese <tommygast@xxxxxxxxx>
Subject: [ossec-list] Re: New to ossec
From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
Date: Thu, 6 Jul 2006 16:01:03 -0300

Did you restart ossec after adding the log entry for snort? Can you show
us the output of:

cat /var/ossec/etc/ossec.conf
cat /var/ossec/logs/ossec.log

In addition to that, do you see the alerts showing up on the
/var/ossec/logs/alerts directory or they do not show up only in
the e-mail alerts?

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net


On 7/6/06, Bubbacheese <tommygast@xxxxxxxxx> wrote:
>
> I've just downloaded and played around with OSSEC (Which is Great) and
> I'm trying to get my snort alerts sent to me via email.  But it doesn't
> seem to be working.  This is what I've added to the ossec.conf file.
>
>   <localfile>
>     <log_format>snort-full</log_format>
>     <location>/var/log/snort/alert</location>
>   </localfile>
>
> and this is the snort command line I use.
>
> snort -c /etc/snort/snort.conf -A full -D
>
> Snort is generating alerts, but I'm just not getting OSSEC to send this
> to me.  Thanks for the help.  Oh yea ver is the lastest from yesterday.
>
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
-~----------~----~----~----~------~----~------~--~---

Follow-Ups:
- [ossec-list] Re: New to ossec
  - From: Tommy Gast

References:
- [ossec-list] New to ossec
  - From: Bubbacheese

Prev by Date: [ossec-list] New to ossec
Next by Date: [ossec-list] Re: New to ossec
Previous by thread: [ossec-list] New to ossec
Next by thread: [ossec-list] Re: New to ossec
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.