[ossec-list] Re: Syslog-NG with OSSEC Questions!
We are doing this now and it works well.
The caveats I would mention are as follows:
If you are having syslog-ng filter alerts, you'll want to make sure that
you include the file where the logs are being sent.
If you are creating log files based upon day or time (such that the name
of the file changes every day, e.g. /logs/host/2007-10-10 ), I would
suggest either writing a copy of all alerts to one file that is monitored
and then dumped instead of rotating it (a truly ugly option), or
creating a symlink to the current file and changing it every time the
file is rotated (still not a great method, but one we use). A co-worker
wrote a very simple (read that as a quick-and-dirty, proof-of-concept)
script I can share if needed.
Yours,
John
Wilson Lai wrote:
> Dear ALL,
>
> I have now installed the Syslog-NG server for centralizing all
> syslog messages from windows and linux machines. And now, I am looking
> for a monitoring tool that could check the severity level of the
> incoming message and alert me through e-mail.
>
> Another question, once the event message has been sent to the Syslog-NG
> server, could OSSEC alert me by e-mail immediately (real time alerting)?
>
> Thanks.
>
> Regards,
>
> Wilson Lai
> System Engineer
> IT Dept., SJM
> Office: (853)2978585
> Mobile: (853)66506709
> Email: wilsonlai@xxxxxxxxxxxx
>
>
--
-------------------------------------------------------------------------
John Ives Phone (510) 642-7773
System & Network Security Cell (510) 229-8676
University of California, Berkeley
-------------------------------------------------------------------------
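The symlink workaround John describes above, as an added example (this is not the co-worker's script from the thread, nor anything shipped by OSSEC or syslog-ng). It assumes the layout the post mentions, one file per host per day named /logs/<host>/YYYY-MM-DD, chooses the link name `current` and the ossec.conf `<localfile>` stanza as assumptions of its own, and relies on OSSEC reopening the monitored path when the file behind the link changes, which is the behaviour the post depends on. The date is constructed as a second argument so the rotation can be exercised without waiting for midnight:

```shell
#!/bin/sh
# Added example (not from the thread): keep a fixed-name symlink pointed at
# today's dated syslog-ng output file so OSSEC can watch one stable path.
# Assumptions (not stated in the post): syslog-ng writes /logs/<host>/YYYY-MM-DD,
# the link is called "current", and OSSEC's <localfile> points at that link.
# Run from cron shortly after midnight, or from whatever triggers the rotation.

# Print the path of the log file for a given day (default: today) in $1.
current_logfile() {
    dir=$1
    day=${2:-$(date +%Y-%m-%d)}   # optional second arg pins the date for tests
    printf '%s/%s\n' "$dir" "$day"
}

# Point $2 at $1 atomically: build the new link beside the old one and
# rename(2) over it, so a reader never observes a missing link.
update_symlink() {
    target=$1
    link=$2
    tmp="$link.tmp.$$"
    ln -s "$target" "$tmp" || return 1
    mv -f "$tmp" "$link"         # replaces the old link in one step
}

# Emit the OSSEC localfile stanza that follows the symlink (assumed config).
ossec_localfile_stanza() {
    link=$1
    cat <<EOF
<localfile>
  <log_format>syslog</log_format>
  <location>$link</location>
</localfile>
EOF
}

# Repoint <dir>/current at the file for <day> (default today). The file is
# created empty if syslog-ng has not written to it yet, so the link never
# dangles while OSSEC is watching it.
rotate_link() {
    dir=$1
    day=$2
    target=$(current_logfile "$dir" "$day")
    [ -e "$target" ] || : > "$target"
    update_symlink "$target" "$dir/current"
}

# Usage when run directly:  ./symlink-current.sh /logs/host
if [ "${1:-}" != "" ]; then
    rotate_link "$1" && ossec_localfile_stanza "$1/current"
fi
```

Because the link is replaced with a rename rather than deleted and recreated, a collector that stats the path between the two steps still finds a file; whether OSSEC picks up the new target promptly is the part of this scheme John calls "not a great method", so after the first rotation check ossec.log to confirm the collector reopened the file.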
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.