  1. #1
    Just Joined!
    Join Date
    Aug 2008
    Posts
    16

    Regarding OSSEC


    FYI...

    Installed OSSEC server version 2.6 in CentOS 6.2 and agents are web servers installed in chroot environment.


    In ossec.conf file, added below configuration in both server and agent.

    <localfile>
    <log_format>syslog</log_format>
    <location>/chroot/site/usr/local/apache/logs/error_log</location>
    </localfile>


    Already in decoder.xml and in rules folder Apache related configuration is set by default.


    Problem: OSSEC is not working for Apache logs, not even generating mails related to Apache errors; the rest of the OSSEC part is working as needed.

    Please guide me what has to be done to solve the issue.

  2. #2
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,754
    My guess is that Apache is running outside of the chroot environment, so the OSSEC agents can't see the logs. Try running OSSEC in a virtual machine that can still access the system running the Apache server, or if in the chroot environment, treat the root system as a remote system, even if you use localhost as the system address.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  3. #3
    Just Joined!
    Join Date
    Aug 2008
    Posts
    16
    Sure, Apache is running only in the chroot environment. Moreover, the OSSEC server and Apache (web servers are agents) are installed on separate machines.

    What additional configuration has to be done in order to make OSSEC access the web server logs of the chroot environment?
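
An added diagnostic example, not part of the thread and not OSSEC's own code: it lists every `<localfile>` entry in an ossec.conf and reports whether each location exists, is a regular file, is readable and is non-empty as seen from the host it runs on. The function names and the second sample entry are assumptions made for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: first entry mirrors the first post, second is illustrative.
SAMPLE_CONF = """
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/chroot/site/usr/local/apache/logs/error_log</location>
  </localfile>
</ossec_config>
<ossec_config>
  <localfile><log_format>syslog</log_format><location>/var/log/messages</location></localfile>
</ossec_config>
"""

def localfile_entries(conf_text):
    """Return (log_format, location) for every <localfile> block."""
    # ossec.conf may hold several top-level <ossec_config> elements, which is
    # not well-formed XML on its own, so parse it under a synthetic root.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    entries = []
    for lf in root.iter("localfile"):
        fmt = (lf.findtext("log_format") or "").strip()
        loc = (lf.findtext("location") or "").strip()
        if loc:  # command-style entries carry no <location>
            entries.append((fmt, loc))
    return entries

def check_location(path):
    """Classify a monitored path as seen from the host running this script."""
    if any(ch in path for ch in "*?%"):
        return "pattern"  # wildcard or strftime location, not resolved here
    if not os.path.exists(path):
        return "missing"
    if not os.path.isfile(path):
        return "not-a-file"
    if not os.access(path, os.R_OK):
        return "unreadable"
    return "empty" if os.path.getsize(path) == 0 else "ok"

def audit(conf_text):
    """Return (log_format, location, status) for each monitored file."""
    return [(f, loc, check_location(loc)) for f, loc in localfile_entries(conf_text)]

if __name__ == "__main__":
    for fmt, loc, status in audit(SAMPLE_CONF):
        print(f"{status:12} {fmt:10} {loc}")
```

Run it with the same privileges as the OSSEC log collector on each machine that carries the entry, since a path that is valid on the agent can be reported as missing on the server.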
