Not getting alerts from clav monitoring on some machines


Jorge Martins

Oct 10, 2019, 10:49:20 AM10/10/19
to Wazuh mailing list
Hi!

I have configured some Linux machines with ClamAV and added the log file to be monitored by Wazuh.

I've run a few tests, and some machines are not sending an alert; the difference is that the machines that do not send the alert have the following versions:

  • Ubuntu 12.04LTS
  • Ubuntu 14.04LTS

ossec.log shows that the log file is being monitored:

2019/10/10 15:29:25 ossec-logcollector: INFO: (1950): Analyzing file: '/var/log/clamav/clamav.log'.


All others have Ubuntu 16.04LTS/18.04LTS, and one has CentOS 6, and they are working OK.


Any idea what it could be?

Thank you




 

Elwali Karkoub

Oct 10, 2019, 3:54:13 PM10/10/19
to Wazuh mailing list
Hello Jorge,


Can you let me know what version of the Wazuh agent is running on these boxes?

Another possibility would be that the generated ClamAV logs are not matching any rules: https://github.com/wazuh/wazuh-ruleset/blob/master/rules/0320-clam_av_rules.xml

Sharing some ClamAV logs would help me replicate your use case.


Best regards,
Wali
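To check whether the lines an agent forwards have a shape any rule can match, the authoritative test is to paste them into /var/ossec/bin/ossec-logtest on the Wazuh manager (Wazuh 3.x) and watch which decoder and rule fire. As an offline stand-in, the following added example (not code from Wazuh or from either poster) parses the two line shapes ClamAV writes, clamd/freshclam lines with a leading timestamp and "->" and plain clamscan output, and reports which lines carry a detection and which would match nothing. The sample log lines are constructed, and the regexes are simplified approximations of what a ClamAV decoder needs, not the Wazuh ruleset's own patterns.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log, not captured from a real host. The first three lines
# use the clamd/freshclam shape ("<timestamp> -> <message>"); the rest use the
# plain clamscan shape, which has no timestamp prefix at all.
SAMPLE_LOG = """\
Thu Oct 10 15:29:25 2019 -> SelfCheck: Database status OK.
Thu Oct 10 15:30:02 2019 -> /home/jorge/eicar.com: Eicar-Test-Signature FOUND
Thu Oct 10 15:30:02 2019 -> /home/jorge/eicar.com: Removed.
/tmp/sample.bin: Win.Test.EICAR_HDB-1 FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
"""

# Simplified patterns (assumptions for this example, not Wazuh's decoders).
CLAMD_PREFIX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) -> (?P<msg>.*)$"
)
FOUND = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")
REMOVED = re.compile(r"^(?P<path>.+?): Removed\.$")
SUMMARY = re.compile(r"^Infected files: (?P<count>\d+)$")


@dataclass
class Event:
    kind: str                 # "found", "removed" or "summary"
    path: Optional[str]       # scanned file, when the line names one
    signature: Optional[str]  # ClamAV signature name for "found" lines
    raw: str                  # the original log line


def parse_line(line: str) -> Optional[Event]:
    """Return an Event for a line that would match, or None for a line that
    matches nothing (the case the thread is debugging)."""
    msg = line.rstrip("\n")
    prefixed = CLAMD_PREFIX.match(msg)
    if prefixed:
        msg = prefixed.group("msg")  # strip the clamd timestamp, keep the message
    m = FOUND.match(msg)
    if m:
        return Event("found", m.group("path"), m.group("sig"), line)
    m = REMOVED.match(msg)
    if m:
        return Event("removed", m.group("path"), None, line)
    m = SUMMARY.match(msg)
    if m:
        return Event("summary", None, None, line)
    return None


def events(log: str) -> List[Event]:
    """All lines in the log that would produce an event."""
    return [e for e in (parse_line(l) for l in log.splitlines()) if e is not None]


def unmatched_lines(log: str) -> List[str]:
    """Lines no pattern matches; these are the ones to paste into ossec-logtest."""
    return [l for l in log.splitlines() if parse_line(l) is None]


def detections(log: str) -> List[Event]:
    """Only the lines that report an infected file."""
    return [e for e in events(log) if e.kind == "found"]


if __name__ == "__main__":
    for e in events(SAMPLE_LOG):
        print(f"{e.kind:8} {e.path or '-':30} {e.signature or '-'}")
    for l in unmatched_lines(SAMPLE_LOG):
        print("no match:", l)
```

Run against a real /var/log/clamav/clamav.log from one of the silent 12.04/14.04 hosts and from a working 16.04 host, and compare the unmatched output: if the older hosts write a different line shape (for example no "->" prefix, or a different date layout), that difference is what the rules are failing on.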