[ossec-list] Re: vsftpd rule

["Kayvan A. Sylvan" <kayvan@xxxxxxxxxx>]

On Tue, Jun 06, 2006 at 05:07:54PM -0300, Daniel Cid wrote:
> 
> Hi Jorge and Joachim,
> 
> Based on the logs you provided, I created some rules for vsftpd.
> They were working correctly on my testing environment...
> 
> They are on the following package:
> http://www.ossec.net/files/ossec-hids-0.8-2.tar.gz
> 
> Basically, the vsftpd rules will be handled by the vsftpd_rules.xml and
> the ones from pam_unix, by the file pam_rules_xml... Can you let
> me know if it is working or not? Also, make sure to add
> "<include>vsftpd_rules.xml</include>" to your ossec.conf
> (and also to configure ossec to read /var/logs/vsftpd.log).

How do we do that? (configure ossec to read /var/log/vsftpd.log)?

In etc/ossec.conf, I see lines like this:

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>

So, do I just add nother snippet like this?

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/vsftpd.log</location>
  </localfile>

-- 
Kayvan A. Sylvan          | Proud husband of       | Father to my kids:
Sylvan Associates, Inc.   | Laura Isabella Sylvan, | Katherine Yelena (8/8/89)
http://sylvan.com/~kayvan | my beautiful Queen.    | Robin Gregory (2/28/92)

--~--~---------~--~----~------------~-------~--~----~
-~----------~----~----~----~------~----~------~--~---