Forwarding Linux syslogs to syslog server


700...@gmail.com

Nov 9, 2018, 10:39:08 AM
to ossec-list
Hi, 

I am new to OSSEC. I am confused about forwarding logs.

Does the OSSEC client collect logs from /var/log/messages and forward them to the OSSEC server's /var/log/messages? Or should log forwarding be configured in rsyslog on Red Hat to forward all logs to an rsyslog server?

Thx in advance

Regards


 V

dan (ddp)

Nov 9, 2018, 10:41:31 AM
to ossec...@googlegroups.com
OSSEC does not write to /var/log/messages. It can store all logs it
receives in /var/ossec/logs/archive/archives.log, if you turn on the
logall feature.
But if you want a syslog backup of log messages, you'll have to
configure your syslogd to do it for you.


700 grm

Nov 9, 2018, 11:21:20 AM
to ossec...@googlegroups.com
Thank you for your prompt response.

1. How can I turn on logall feature on ossec client?

2. Does that mean the OSSEC client can collect all system logs from /var/log/, forward them to an OSSEC server, and store them in /var/ossec/logs/archive/archives.log?

Thx in advance

V




dan (ddp)

Nov 9, 2018, 11:36:00 AM
to ossec...@googlegroups.com
On Fri, Nov 9, 2018 at 11:21 AM 700 grm <700...@gmail.com> wrote:
>
> Thank you for your prompt response.
>
> 1. How can I turn on logall feature on ossec client?
>

It's a server-side setting, not a client-side one.
http://www.ossec.net/docs/syntax/head_ossec_config.global.html?highlight=logall#element-logall

> 2. Does that mean the OSSEC client can collect all system logs from /var/log/, forward them to an OSSEC server, and store them in /var/ossec/logs/archive/archives.log?
>

Correct. Anything the agent sends to the server will be logged in the
archives log.

700 grm

Nov 9, 2018, 12:14:22 PM
to ossec...@googlegroups.com
In this situation, can we install the OSSEC server and the syslog backup server on the same machine?
Or will it create a lot of issues, such as double alerts, because it will analyse the same /var/log/messages on both the client and the server side?

thx in advance

dan (ddp)

Nov 9, 2018, 1:14:26 PM
to ossec...@googlegroups.com
On Fri, Nov 9, 2018 at 12:14 PM 700 grm <700...@gmail.com> wrote:
>
> In this situation, can we install the OSSEC server and the syslog backup server on the same machine?
> Or will it create a lot of issues, such as double alerts, because it will analyse the same /var/log/messages on both the client and the server side?
>

If OSSEC monitors the file syslogd saves the remote log messages to,
you'll get doubled-up alerts.
If you want to do both on the same machine, you'll want to save the
messages to files that OSSEC isn't monitoring.

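The following is an added example, not code from the thread or from the OSSEC project. It writes out the three pieces of configuration the replies describe (the server-side `logall` setting dan points to, an rsyslog backup server on the same host that keeps remote messages out of the files OSSEC monitors, and the Red Hat client forwarding rule) into a scratch directory, then checks the two server configs for the overlap that produces doubled alerts. Real file paths (/var/ossec/etc/ossec.conf, /etc/rsyslog.d/*.conf), the /var/log/remote/ directory and the host name logserver.example.com are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread or the OSSEC project. Paths and the
# host name are assumptions; the configs are constructed sample input.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# OSSEC server (assumed /var/ossec/etc/ossec.conf): logall keeps every
# message received from agents in the archives log under /var/ossec/logs/.
# localfile entries are what the server analyses on its own host;
# /var/log/remote/ is deliberately not among them.
cat > "$WORK/ossec.conf" <<'EOF'
<ossec_config>
  <global>
    <logall>yes</logall>
  </global>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>
</ossec_config>
EOF

# Same server, misconfigured: a localfile covering the directory rsyslog
# writes remote messages to. Each forwarded line is then analysed once via
# the agent and once from this file, which is the doubled-alert case.
cat > "$WORK/ossec_bad.conf" <<'EOF'
<ossec_config>
  <global><logall>yes</logall></global>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/remote/*/messages.log</location>
  </localfile>
</ossec_config>
EOF

# rsyslog on the OSSEC server host as syslog backup (assumed
# /etc/rsyslog.d/10-remote.conf): accept TCP 514, write each remote host's
# messages under /var/log/remote/<host>/, then stop so they never reach the
# local /var/log/messages that OSSEC does monitor.
cat > "$WORK/10-remote.conf" <<'EOF'
module(load="imtcp")
input(type="imtcp" port="514" ruleset="remote")

template(name="RemoteFile" type="string"
         string="/var/log/remote/%HOSTNAME%/messages.log")

ruleset(name="remote") {
    action(type="omfile" dynaFile="RemoteFile")
    stop
}
EOF

# Red Hat client (assumed /etc/rsyslog.d/90-forward.conf): forward all
# messages over TCP. The OSSEC agent still reads /var/log/messages locally
# and ships it to the OSSEC server on its own channel.
cat > "$WORK/90-forward.conf" <<'EOF'
*.* @@logserver.example.com:514
EOF

# logall_enabled CONF: succeeds if the server config turns logall on
logall_enabled() {
    grep -q '<logall>yes</logall>' "$1"
}

# ossec_locations CONF: print every <location> path in an ossec.conf
ossec_locations() {
    sed -n 's/.*<location>\([^<]*\)<\/location>.*/\1/p' "$1"
}

# remote_dir RSYSLOG_CONF: fixed directory prefix of the omfile template,
# i.e. the text before the first %property%
remote_dir() {
    sed -n 's/.*string="\([^%"]*\)%.*/\1/p' "$1" | head -n 1
}

# overlap OSSEC_CONF RSYSLOG_CONF: succeeds if any OSSEC localfile lies
# under the directory rsyslog writes remote messages to
overlap() {
    dir=$(remote_dir "$2")
    [ -n "$dir" ] && ossec_locations "$1" | grep -q "^$dir"
}

logall_enabled "$WORK/ossec.conf" && echo "server: logall is on"
for conf in ossec.conf ossec_bad.conf; do
    if overlap "$WORK/$conf" "$WORK/10-remote.conf"; then
        echo "$conf: OVERLAP, expect doubled alerts"
    else
        echo "$conf: remote syslog files are outside OSSEC's localfile set"
    fi
done
```

The `stop` in the remote ruleset matters as much as the separate directory: without it the remote messages fall through to the default rules and end up in the server's own /var/log/messages, which OSSEC is monitoring, and the overlap check above would not catch that because the path never appears in ossec.conf. Run the check against the live files after any change to either side.
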
700 grm

Nov 9, 2018, 1:37:56 PM
to ossec...@googlegroups.com
Thank you for the explanation, everything is clear and working as expected.