First you have to check if commands on Linux are logged in some file. I found this link which shows how to configure it.

Once you can see command events in a Linux file, for example in /var/log/syslog or /var/log/cmdline as mentioned above, it's time to set your agent to collect events from one of those files. To enable this, configure /var/ossec/etc/nf on the agent. The next step is to restart the agent, generate some events and look for those events in the manager's raw log file. If some events are found, it confirms the collection path from agent to manager.

The next step is to create a decoder and rules for this type of event. Add the following custom decoder into /var/ossec/etc/decoders/local_decoder.xml on the manager side:

After the decoder it's necessary to create a rule for it. Add it into /var/ossec/etc/rules/local_rules.

Displays I/O oriented view with the new columns of output, p under heading kthr, and columns fi and fo under heading page instead of the columns re and cy in the page heading. -l: Displays an extra 'large-page' section with the alp and flp columns. -p pagesize: Appends the VMM statistics for the specified page size to the regular vmstat output.
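The three pieces of the procedure above (agent-side log collection, a manager-side decoder, and a rule on top of it) in one worked example. This is added illustration, not the original post's decoder or rules: it assumes a constructed command log line of the form `Jan 10 12:00:00 host cmdlog: user=alice cmd="ls -la /etc"` written to /var/log/cmdline, and the decoder name `cmdlog` and rule ids 100100/100101 are choices made here (custom rule ids in the 100000 range are the conventional local block).

```xml
<!-- Agent side: /var/ossec/etc/ossec.conf -- collect the command log.
     Assumes a syslog-style file /var/log/cmdline with constructed lines such as
       Jan 10 12:00:00 host cmdlog: user=alice cmd="ls -la /etc"           -->
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/cmdline</location>
  </localfile>
</ossec_config>

<!-- Manager side: /var/ossec/etc/ossec.conf -- write every received event to
     logs/archives/archives.log so the agent-to-manager path can be confirmed
     before any decoder exists. Turn it off again once the rule below fires. -->
<ossec_config>
  <global>
    <logall>yes</logall>
  </global>
</ossec_config>

<!-- Manager side: /var/ossec/etc/decoders/local_decoder.xml
     Parent decoder matches on the syslog program name; the child pulls the
     user and command text out of the constructed "user=... cmd=..." format. -->
<decoder name="cmdlog">
  <program_name>^cmdlog</program_name>
</decoder>

<decoder name="cmdlog-fields">
  <parent>cmdlog</parent>
  <regex>^user=(\S+) cmd="(\.+)"$</regex>
  <order>srcuser, extra_data</order>
</decoder>

<!-- Manager side: /var/ossec/etc/rules/local_rules.xml
     100100 records every decoded command at a low level; 100101 raises the
     level when the recorded user is root, so the alert is easy to review. -->
<group name="local,cmdlog,">
  <rule id="100100" level="3">
    <decoded_as>cmdlog</decoded_as>
    <description>Shell command recorded from command log</description>
  </rule>

  <rule id="100101" level="8">
    <if_sid>100100</if_sid>
    <user>^root$</user>
    <description>Shell command recorded as root</description>
  </rule>
</group>
```

After restarting the manager, a sample line can be pasted into the manager's log-test tool (wazuh-logtest in Wazuh 4.x, ossec-logtest in older OSSEC builds) to confirm that the decoder sets srcuser and extra_data and that rule 100100 or 100101 matches, before relying on live agent traffic.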