cron-apt's log output does not have a dedicated OSSEC decoder. As a result, cron-apt errors are only caught if they (luckily) match a set of simple heuristics (such as the word "error" being present in a log line).
For example, this cron-apt log results in one error reported:
```
root@mon-staging:/var/ossec/bin# ./ossec-logtest -a < /home/vagrant/log
2015/01/28 22:07:46 ossec-testrule: INFO: Reading local decoder file.
2015/01/28 22:07:46 ossec-testrule: INFO: Started (pid: 3450).
** Alert 1422482866.1: mail - syslog,errors,
2015 Jan 28 22:07:46 mon-staging->stdin
Rule: 1002 (level 2) -> 'Unknown problem somewhere in the system.'
W: GPG error: http://104.236.171.240 trusty Release: The following signatures were invalid: BADSIG B0898FE83F3BF9EB Freedom of the Press Foundation Test Signing Key
```
It would be good to test potential failure conditions for cron-apt and develop custom OSSEC rules for reporting on them.
OSSEC doesn't have a built-in decoder for cron-apt log entries. Cron-apt uses variable rate multi-line log entries and does not follow the syslog format. (Syslog format would prepend date, process, event id for each line.)
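A prototype for testing cron-apt failure conditions before writing OSSEC rules, added here as an example and not part of the issue or the project's code: it groups a multi-line cron-apt log into runs, ties each apt `W:`/`E:` line to the action that produced it, and shows which lines a keyword check for "error" would miss. The `CRON-APT ...:` marker layout is an assumption about cron-apt's log file, the sample log is constructed, and `naive_hit` is a simplified stand-in for the heuristic described above.

```python
import re

# Assumption: cron-apt writes "CRON-APT <FIELD>...: value" marker lines and copies
# apt-get output between them verbatim, with no per-line timestamp or program name.
MARKER = re.compile(r"^CRON-APT (RUN|SLEEP|ACTION|LINE)\b[^:]*: ?(.*)$")
# apt prefixes warnings with "W: " and errors with "E: ".
APT_DIAG = re.compile(r"^(W|E): (.*)$")

def parse_runs(text):
    """Group a cron-apt log into runs; attach each apt diagnostic to its action."""
    runs, run, action, command = [], None, None, None
    for line in text.splitlines():
        m = MARKER.match(line)
        if m:
            field, value = m.groups()
            if field == "RUN":
                run = {"started": value, "findings": []}
                runs.append(run)
                action = command = None
            elif field == "ACTION":
                action, command = value, None
            elif field == "LINE":
                command = value
            continue
        d = APT_DIAG.match(line)
        if d and run is not None:
            run["findings"].append({"severity": d.group(1), "action": action,
                                    "command": command, "message": d.group(2)})
    return runs

def naive_hit(message):
    """Stand-in for the keyword heuristic the issue describes (the word "error")."""
    return "error" in message.lower()

def missed_by_keyword(runs):
    """Diagnostics that a per-line keyword match would not report."""
    return [f for r in runs for f in r["findings"] if not naive_hit(f["message"])]

# Constructed sample log (placeholder host and key id, not taken from the issue).
SAMPLE_LOG = """\
CRON-APT RUN [/etc/cron-apt/config]: Wed Jan 28 22:00:01 UTC 2015
CRON-APT SLEEP: 312, Wed Jan 28 22:05:13 UTC 2015
CRON-APT ACTION: 0-update
CRON-APT LINE: /usr/bin/apt-get update -o quiet=2
W: GPG error: http://apt.example.invalid trusty Release: The following signatures were invalid: BADSIG 0000000000000000 Example Signing Key
W: Failed to fetch http://apt.example.invalid/dists/trusty/main/binary-amd64/Packages  404  Not Found
E: Some index files failed to download. They have been ignored, or old ones used instead.
CRON-APT ACTION: 3-download
CRON-APT LINE: /usr/bin/apt-get autoclean -y
"""
```

Running `missed_by_keyword(parse_runs(SAMPLE_LOG))` on the sample returns the fetch failure and the index-download error, which is the kind of gap a dedicated rule set would need to cover.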