List:       ossec-list
Subject:    [Ossec-list] Feature submission: Self supervision (was: RE :
From:       daniel.cid () gmail ! com (Daniel Cid)
Date:       2006-05-30 14:43:11
Message-ID: b92e6f200605300743n748c4a8du87d30112110944c0 () mail ! gmail ! com

Hi Fred,

That's a great idea. Currently OSSEC agents do send keep alive messages
to the server (take a look at /var/ossec/queue/agent-info/), so adding an
alert if an agent is not alive is not hard to do. I will work on that
for the next release.

Thanks,

--
Daniel B. Cid
dcid @ ( at ) ossec.net

On 5/29/06, Fred <fcr-mailings at nerim.net> wrote:
> Hi Daniel,
>
> Thanks very much. That's exactly what I was looking for. Excuse me if it was
> written in OSSEC manual.
>
> I have one feature to submit for OSSEC: it would be interesting that Server
> sends an alert if Agents don't respond any more, meaning "Agents [A,B,C,...]
> is/are dead" or "network links are dead".
>
> That could be interesting in critical environments.
>
> To do so, Agents could send, for example, a special "alive" event one
> time/hour, to say to Server: "all is ok".
>
> In my case, and I think I'm not alone, that would be very useful. Server and
> Agents communicate through many firewalls and VPN links. So, to debug...
>
> Well, that's only a suggestion ;-)
>
> Thanks
>
> Fred
>
>
> -----Original Message-----
> From: Daniel Cid [mailto:daniel.cid at gmail.com]
> Sent: Tuesday, May 23, 2006 4:27 PM
> To: Fred
> Cc: ossec-list at ossec.net
> Subject: Re: [Ossec-list] FIFO files and Agent/Server updates
>
>
> Hi Fred,
>
> What are the names used on your apache logs? Ossec supports the
> specification of dates in the localfile option.
>
> For example, if your log is /var/log/www/apache_year_month_day.log
> (for today being /var/log/www/apache_2006_May_22.log), the localfile
> option would be:
>
> <localfile>/var/log/www/apache_%Y_%b_%d.log</localfile>
>
> For other options, look at the strftime manual:
> http://www.die.net/doc/linux/man/man3/strftime.3.html
>
> Hope it helps. If not, we will need to do some changes to support
> FIFO...
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid @ ( at ) ossec.net
>
> On 5/23/06, Fred <fcr-mailings at nerim.net> wrote:
> >
> >
> > Hello everybody,
> >
> > I would have a question on OSSEC.
> >
> > 1) First is that I have a problem with Apache logs. As we use "logrotate"
> > for rotation, log files names are always different, including the current
> > one. A solution would be to use a FIFO file: Apache logs would be copied
> > in FIFO files.
> > So my questions are:
> >
> >     - can the OSSEC Agent read FIFO files (localfile directive)?
> >     - are there any risks that Apache may block in case of a problem
> >       with the FIFO?
> >
> > Thanks a lot.
> >
> > Regards,
> >
> > Fred
>
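
One way to act on the keep-alive data mentioned in the reply above (an added example, not part of the original messages and not OSSEC's own code). It assumes each file under /var/ossec/queue/agent-info/ belongs to one agent and that its modification time is refreshed when a keep-alive arrives; the one-hour threshold and the function names are hypothetical.

```python
import os
import time

# Assumption: one file per agent, mtime refreshed on each keep-alive.
AGENT_INFO_DIR = "/var/ossec/queue/agent-info"
MAX_SILENCE = 3600  # seconds; hypothetical threshold, tune per environment


def stale_agents(info_dir=AGENT_INFO_DIR, max_silence=MAX_SILENCE, now=None):
    """Return [(file_name, seconds_silent)] for agents past the threshold,
    longest silence first."""
    now = time.time() if now is None else now
    stale = []
    with os.scandir(info_dir) as entries:
        for entry in entries:
            # Skip directories and symlinks; only plain files count.
            if not entry.is_file(follow_symlinks=False):
                continue
            age = now - entry.stat(follow_symlinks=False).st_mtime
            if age > max_silence:
                stale.append((entry.name, int(age)))
    return sorted(stale, key=lambda item: item[1], reverse=True)


def format_alert(stale):
    """Build a single alert line, or None when every agent is reporting."""
    if not stale:
        return None
    names = ", ".join(f"{name} (silent {age}s)" for name, age in stale)
    return f"ossec-keepalive: {len(stale)} agent(s) not reporting: {names}"


def main():
    try:
        alert = format_alert(stale_agents())
    except OSError as exc:
        # An unreadable directory must not look like "all agents healthy".
        print(f"ossec-keepalive: cannot read {AGENT_INFO_DIR}: {exc}")
        return 2
    if alert:
        print(alert)
        return 1
    return 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Run from cron on the server, the non-zero exit codes separate "agents silent" (1) from "the check itself failed" (2), so a broken monitor is not mistaken for a quiet network.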
