Linux processes monitoring through ossec

[yugandha...@gmail.com]

Hi all,

I am new to ossec. I would like to monitor process through ossec. My plan is need to get the notification if some one start any new process or stop/kill any process.
Can some one help me

----
thanks,

[dan (ddp)]

If there is a way to log all processes that are started, you could
configure OSSEC to read that log. Then create alerts or whatnot for
the entries.
Or, you could do a full_command with some `ps` wizardry.

> ----
> thanks,
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Shyam Hirurkar]

Check Nagios for process monitoring

On 22-Jul-2017 02:54, "dan (ddp)" <ddp...@gmail.com> wrote:

On Fri, Jul 21, 2017 at 5:27 AM,  <yugandha...@gmail.com> wrote:
> Hi all,
>
> I am new to ossec. I would like to monitor process through ossec. My plan is
> need to get the notification if some one start any new process or stop/kill
> any process.
> Can some one help me
>

If there is a way to log all processes that are started, you could
configure OSSEC to read that log. Then create alerts or whatnot for
the entries.
Or, you could do a full_command with some `ps` wizardry.

> ----
> thanks,
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an

> email to ossec-list+unsubscribe@googlegroups.com.

> For more options, visit https://groups.google.com/d/optout.

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.

To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscribe@googlegroups.com.

[Jesus Linares]

Hi,

check out this post: http://santi-bassett.blogspot.com.es/2015/08/how-to-monitor-running-processes-with-ossec.html

I hope it helps.

On Saturday, July 22, 2017 at 3:03:25 AM UTC+2, CEH wrote:

Check Nagios for process monitoring

On 22-Jul-2017 02:54, "dan (ddp)" <ddp...@gmail.com> wrote:

On Fri, Jul 21, 2017 at 5:27 AM,  <yugandha...@gmail.com> wrote:
> Hi all,
>
> I am new to ossec. I would like to monitor process through ossec. My plan is
> need to get the notification if some one start any new process or stop/kill
> any process.
> Can some one help me
>

If there is a way to log all processes that are started, you could
configure OSSEC to read that log. Then create alerts or whatnot for
the entries.
Or, you could do a full_command with some `ps` wizardry.

> ----
> thanks,
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an

> email to ossec-list+...@googlegroups.com.

> For more options, visit https://groups.google.com/d/optout.

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.

To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.

[Kevin Wilcox]

On Fri, 21 Jul 2017 at 08:06, <yugandha...@gmail.com> wrote:

I am new to ossec. I would like to monitor process through ossec. My plan is need to get the notification if some one start any new process or stop/kill any process.
Can some one help me

auditd logging execve. You can also have it log file access and metadata updates.

kmw

[Jesus Linares]

Hi,

you can find information about auditd and OSSEC here: https://documentation.wazuh.com/current/user-manual/capabilities/system-calls-monitoring/index.html

Regards.