[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ossec-list] Feature submission: Self supervision (was: RE : FIFO files and Agent/Server updates)

Subject: [Ossec-list] Feature submission: Self supervision (was: RE : FIFO files and Agent/Server updates)
From: fcr-mailings at nerim.net (Fred)
Date: Mon, 29 May 2006 17:59:42 +0200

Hi Daniel,

Thanks very much. That's exactly what I was looking for. Excuse me if it was
written in OSSEC manual.

I have one feature to submit for OSSEC: it would be interesting that Server
sends an alert if Agents don't respond any more, meaning "Agents [A,B,C,...]
is/are dead" or "network links are dead".

That could be interesting in critical environments.

To do so, Agents could send, for example, a special "alive" event one
time/hour, to say to Server: "all is ok".

In my case, and I think I'm not alone, that would be very useful. Server and
Agents communicate through many firewalls and VPN links. So, to debug...

Well, that's only a suggestion ;-)

Thanks

Fred 

-----Original Message-----
From: Daniel Cid [mailto:daniel.cid at gmail.com] 
Sent: Tuesday, May 23, 2006 4:27 PM
To: Fred
Cc: ossec-list at ossec.net
Subject: Re: [Ossec-list] FIFO files and Agent/Server updates

Hi Fred,

What are the names used on your apache logs? Ossec supports the
specification
of dates in the localfile option.

For example, if you log is /var/log/www/apache_year_month_day.log
(for today being /var/log/www/apache_2006_May_22.log), the localfile
option would be:

<localfile>/var/log/www/apache_%y_%m_%d.log</localfile>

For other options, look at the strftime manual:
http://www.die.net/doc/linux/man/man3/strftime.3.html

Hope it helps. If not, we will need to do some changes to support
FIFO...

Thanks,

--
Daniel B. Cid
dcid @ ( at ) ossec.net

On 5/23/06, Fred <fcr-mailings at nerim.net> wrote:
>
>
> Hello everybody,
>
> I would have a question on OSSEC.
>
> 1) First is that I have a problem with Apache logs. As we use "logrotate"
> for rotation, log files names are always different, including the current
> one. A solution would be to use a FIFO file: Apache logs would be copied
in
> FIFO files.
> So my questions are:
>
>     - can OSSEC Agent may read FIFO files (localfile directive) ?
>     - are there any risks that Apache may block in case of problem with
FIFO
> ?
>
> Thanks a lot.
>
> Regards,
>
> Fred
>
> _______________________________________________
> ossec-list mailing list
> ossec-list at ossec.net
> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>
>
>

Follow-Ups:
- [Ossec-list] Feature submission: Self supervision (was: RE : FIFO files and Agent/Server updates)
  - From: Daniel Cid

References:
- [Ossec-list] FIFO files and Agent/Server updates
  - From: Daniel Cid

Prev by Date: [Ossec-list] Some more work for the translators (pl, de, it, tr, etc)
Next by Date: [Ossec-list] The part of ossec were aborted
Previous by thread: [Ossec-list] FIFO files and Agent/Server updates
Next by thread: [Ossec-list] Feature submission: Self supervision (was: RE : FIFO files and Agent/Server updates)
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.