Finding the logs on my server. I generally use lsof to list the log files that are open on the server.
lsof | grep log
Next, I check which logs OSSEC is already reading:
cat /var/ossec/etc/ossec.conf | grep "<location>/"
Add the new access log to OSSEC.
/var/ossec/bin/util.sh addfile /var/log/httpd/nic.access_log
Or just add the log file to /var/ossec/etc/ossec.conf directly.
Then append a test entry to the log, or run your server so that it writes some entries:
echo "123.231.120.128 - - [21/Jun/2016:19:04:41 +0530] \"POST /foosearch.php HTTP/1.1\" 404 35765 \"foo.com\" \"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/48.0.2564.82 Chrome/48.0.2564.82 Safari/537.36\"" >> access_log
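The first two steps can be combined to list open log files that OSSEC is not yet monitoring. This is an added example, not part of the original post: the function names and the sample lsof and ossec.conf data are constructed for illustration, and it assumes <location> entries are literal paths without spaces or wildcards.

```shell
#!/bin/sh
# Added example: report open log files that ossec.conf does not monitor.

# Print every <location> value found in an ossec.conf-style file.
ossec_locations() {
    sed -n 's:.*<location>\(.*\)</location>.*:\1:p' "$1"
}

# Read lsof-style output on stdin; print unique absolute paths (last
# field) that contain "log". Paths with spaces are not handled.
open_log_paths() {
    awk '$NF ~ /^\// && $NF ~ /log/ { print $NF }' | sort -u
}

# Print the paths read from stdin that are not listed in ossec.conf ($1).
unmonitored_logs() {
    _locs=$(mktemp)
    ossec_locations "$1" > "$_locs"
    # -F fixed strings, -x whole-line match, -v keep the non-matching paths
    grep -Fxv -f "$_locs" || true
    rm -f "$_locs"
}

# Demo on constructed data (not taken from a real host).
demo() {
    _conf=$(mktemp)
    cat > "$_conf" <<'EOF'
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
</ossec_config>
EOF
    cat <<'EOF' | open_log_paths | unmonitored_logs "$_conf"
httpd 1203 apache 7w REG 253,0 35765 1311 /var/log/httpd/nic.access_log
rsyslogd 811 root 4w REG 253,0 9120 1290 /var/log/messages
EOF
    rm -f "$_conf"
}

# On a real host: lsof | open_log_paths | unmonitored_logs /var/ossec/etc/ossec.conf
demo
```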