1. OSSEC start, stop, restart and status
/var/ossec/bin/ossec-control {start|stop|restart|status}
2. Start and check the httpd service
systemctl start httpd
systemctl status httpd.service
3. Start and check the MySQL (mariadb) service
systemctl start mariadb
systemctl status mariadb.service
4. Start and check the sendmail service
systemctl start sendmail.service
systemctl status sendmail.service
5. Restart the apache, mysql and sendmail services in one go
for i in {httpd,mariadb,sendmail};do systemctl restart $i ;done
6. Directory holding the web interface files
/var/www/html/analogi
7. Apache virtual directory configuration for the application
/etc/httpd/conf.d/analogi.conf
8. Agent management (interactive menu)
/opt/ossec/bin/manage_agents
(A)dd an agent (A).
(E)xtract key for an agent (E).
(L)ist already added agents (L).
(R)emove an agent (R).
(Q)uit.
9. Configure /etc/aliases so that mail sent to root is forwarded to an external mail server
9.1 Install sendmail
9.2 Check whether /etc/aliases exists; if it does, edit it and append one record at the end
root: ***@gmail.com
9.3 Rebuild the alias database: newaliases
9.4 Edit the OSSEC configuration file /var/ossec/etc/ossec.conf and adjust the e-mail alert level
<alerts>
<log_alert_level>3</log_alert_level>
<email_alert_level>5</email_alert_level>
</alerts>
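Steps 9.2 to 9.4 as a repeatable script (added example, not part of the original notes): it appends the root alias only if it is not already present, validates the OSSEC levels (0 to 16) before touching ossec.conf, and rewrites both alert levels in place. File paths and the mail address are passed as arguments so the functions can be exercised on copies; the `--apply` mode uses the paths from the notes.

```shell
#!/bin/sh
# Added example: apply the /etc/aliases and ossec.conf changes from section 9 idempotently.

# Append "root: <address>" to an aliases file unless that exact entry already exists.
add_root_alias() {
    aliases_file=$1
    address=$2
    if grep -q "^root:[[:space:]]*${address}\$" "$aliases_file" 2>/dev/null; then
        return 0
    fi
    printf 'root: %s\n' "$address" >> "$aliases_file"
}

# Rewrite <log_alert_level> and <email_alert_level> in an ossec.conf.
# OSSEC alert levels are 0..16; any other value is rejected before the file is modified.
set_alert_levels() {
    conf=$1
    log_level=$2
    email_level=$3
    for lvl in "$log_level" "$email_level"; do
        case $lvl in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$lvl" -le 16 ] || return 1
    done
    sed -e "s|<log_alert_level>[0-9]*</log_alert_level>|<log_alert_level>${log_level}</log_alert_level>|" \
        -e "s|<email_alert_level>[0-9]*</email_alert_level>|<email_alert_level>${email_level}</email_alert_level>|" \
        "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Read back the configured e-mail alert level so the change can be verified.
get_email_alert_level() {
    sed -n 's|.*<email_alert_level>\([0-9]*\)</email_alert_level>.*|\1|p' "$1"
}

# "--apply <address>" performs the real change with the paths from the notes
# (log level 3, e-mail level 5) and rebuilds the alias database with newaliases.
if [ "${1:-}" = "--apply" ]; then
    [ -n "${2:-}" ] || { echo "usage: $0 --apply <forwarding-address>" >&2; exit 2; }
    add_root_alias /etc/aliases "$2" && newaliases
    set_alert_levels /var/ossec/etc/ossec.conf 3 5
fi
```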
10. The default path for the OSSEC rule files is /var/ossec/rules/
11. /opt/ossec/bin/agent_control -lc lists the hosts that have joined the ossec-server and are in the active state
12. OSSEC alert log file: /var/ossec/logs/alerts/alerts.log
-----------------------------------
OSSEC log normalization (decoders) and alert rule configuration:
http://www.freebuf.com/articles/network/36484.html
Work in progress...