[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: Syslog for Switch

To: "rama kant" <ramakant.cso@xxxxxxxxx>
Subject: [ossec-list] Re: Syslog for Switch
From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
Date: Sat, 14 Apr 2007 16:43:24 -0300
Cc: ossec-list@xxxxxxxxx, "GoelS@xxxxxxx" <goels@xxxxxxx>
Content-disposition: inline
Content-transfer-encoding: 7bit
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=WXxVzXeqsgkUpVnEmO3uVQ/2QLPafIXJ13ja5B3Cpu7elMsswOrSZWDw7J4eHn6MMwXv/txMOUto4MqybfdaT2UwAk9tetNlRdTte4LU9JYF9QvopTUbeg7Zjqyyfs8cpOYCwFj7BGLzTAbzJAQOSRtNn3rkHQgBEMFVLD3Kzkw=


A simple solution for this would be to run a syslog daemon (syslog-ng
or syslogd) on
the agent box and configure ossec on that system to read the log files
and forward them
to the server. It will require no change to ossec or to the
decoders/rules for this to
work...

Hope it helps.

--
Daniel B. Cid
dcid ( at ) ossec.net

On 4/13/07, rama kant <ramakant.cso@xxxxxxxxx> wrote:

This is an interesting problem.    The client does not really have become a syslog server, it simply needs to be able to trap logging and forward them to the OSSEC server which in turn will have to know how to dispose off such messages.

I will appreciate any posts with possible solutions to this type of general problem.

Cheers,
Rama Kant



On 4/13/07, Pankaj P. Pawar < Pankajpa@xxxxxxxxxx> wrote:
>
>  ***********************
>  Your mail has been scanned by InterScan.
>  ***********-***********
>
>
>
>
>
> Hi All,
>
>
>
> Is it possible that my Ossec Client acts as a Syslog Server and forwards all these events to the mail server which is configured on my Ossec Server??
>
> How can I create a decoder for the same?
>
>
>
> Thanks,
>
> Pankaj P.
>
>
> ***********************************************************************************
>  This message is for the named addressees' use only. It may contain NSDL
>
>  confidential, proprietary or legally privileged information. If you receive
>
>  this message in error, please immediately delete it. You must not, directly
>
>  or indirectly, use, disclose, distribute, print, or copy any part of this message
>
>  if you are not the intended recipient.Unless otherwise stated, any commercial
>
>  information given in this message does not constitute an offer to deal on
>
>  any terms quoted.  Any reference to the terms of executed transactions
>
>  should be treated as preliminary only and subject to our formal written
>
>  confirmation.
>  ***********************************************************************************
>

References:
- [ossec-list] Syslog for Switch
  - From: Pankaj P. Pawar
- [ossec-list] Re: Syslog for Switch
  - From: rama kant

Prev by Date: [ossec-list] Re: Mod Security 2.1.x
Next by Date: [ossec-list] Re: timestamp for modified files
Previous by thread: [ossec-list] Re: Syslog for Switch
Next by thread: [ossec-list] timestamp for modified files
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.