OSSEC log file installation
2. Add the client on the server side and generate the key
[root@log var]# /var/ossec/bin/manage_agents
****************************************
* OSSEC HIDS v2.8 Agent manager. *
* The following options are available: *
****************************************
(A)dd an agent (A).
(E)xtract key for an agent (E).
(L)ist already added agents (L).
(R)emove an agent (R).
(Q)uit.
Choose your action: A,E,L,R or Q: A
- Adding a new agent (use '\q' to return to the main menu).
Please provide the following:
* A name for the new agent: XL1-TRAN1 (the client's hostname)
* The IP Address of the new agent: 10.10.10.111 (the client's IP address)
* An ID for the new agent[005]:
Agent information:
ID:005
Name:XL1-TRAN1
IP Address:10.10.10.111
Confirm adding it?(y/n): y
Agent added.
****************************************
* OSSEC HIDS v2.8 Agent manager. *
* The following options are available: *
****************************************
(A)dd an agent (A).
(E)xtract key for an agent (E).
(L)ist already added agents (L).
(R)emove an agent (R).
(Q)uit.
Choose your action: A,E,L,R or Q: E
Available agents:
ID: 001, Name: XL1-SET1, IP: 10.10.10.109
ID: 002, Name: XL1-DB1, IP: 10.10.10.107
ID: 003, Name: XL1-DB2, IP: 10.10.10.108
ID: 004, Name: XL1-SET2, IP: 10.10.10.220
ID: 005, Name: XL1-TRAN1, IP: 10.10.10.111
Provide the ID of the agent to extract the key (or '\q' to quit): 005 (the last one)
Agent key information for '005' is:
MDA1IFhMMS1UUkFOMSAxMC4xMC4xMC4xMTEgNDI3MWNkZGI3YjhkZDcxNGFmZGJkNDRiMjUxYTJkNzA5Mjk2Zjk3ZWM2ZWNjMDRmODMzM2YwYzQxYzVlN2MwYQ== (copy and paste the generated key)
** Press ENTER to return to the main menu.
****************************************
* OSSEC HIDS v2.8 Agent manager. *
* The following options are available: *
****************************************
(A)dd an agent (A).
(E)xtract key for an agent (E).
(L)ist already added agents (L).
(R)emove an agent (R).
(Q)uit.
Choose your action: A,E,L,R or Q: Q
** You must restart OSSEC for your changes to take effect.
manage_agents: Exiting ..
[root@log var]#
3. Enter the key on the agent side
[root@XL1-TRAN1 ossec-hids-2.8.1]# /var/ossec/bin/manage_agents
****************************************
* OSSEC HIDS v2.8 Agent manager. *
* The following options are available: *
****************************************
(I)mport key from the server (I).
(Q)uit.
Choose your action: I or Q: I
* Provide the Key generated by the server.
* The best approach is to cut and paste it.
*** OBS: Do not include spaces or new lines.
Paste it here (or '\q' to quit): MDA1IFhMMS1UUkFOMSAxMC4xMC4xMC4xMTEgNDI3MWNkZGI3YjhkZDcxNGFmZGJkNDRiMjUxYTJkNzA5Mjk2Zjk3ZWM2ZWNjMDRmODMzM2YwYzQxYzVlN2MwYQ== (copy and paste the generated key)
Agent information:
ID:005
Name:XL1-TRAN1
IP Address:10.10.10.111
Confirm adding it?(y/n): y
Added.
** Press ENTER to return to the main menu.
****************************************
* OSSEC HIDS v2.8 Agent manager. *
* The following options are available: *
****************************************
(I)mport key from the server (I).
(Q)uit.
Choose your action: I or Q: Q
** You must restart OSSEC for your changes to take effect.
manage_agents: Exiting ..
[root@XL1-TRAN1 ossec-hids-2.8.1]#
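
The key passed from step 2 to step 3 is base64 text; decoded, the one shown above begins with the agent ID, name and IP address, followed by the shared secret. The following Python is an added example, not part of the original notes: it checks a pasted key against the agent you meant to enrol before it is imported, and rejects keys that picked up spaces or new lines. The four-field layout and the names parse_agent_key, key_matches and SAMPLE_KEY are assumptions of this example.

```python
import base64
import binascii
import re


def parse_agent_key(pasted):
    """Decode a manage_agents key into its fields (the secret is not returned)."""
    # manage_agents warns: "Do not include spaces or new lines".
    if re.search(r"\s", pasted):
        raise ValueError("key contains spaces or new lines; copy it again")
    try:
        decoded = base64.b64decode(pasted, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("key is not valid base64 text") from exc
    # Assumed layout, inferred from decoding the key shown in the session:
    # "<ID> <name> <IP> <secret>"
    fields = decoded.split(" ")
    if len(fields) != 4 or not all(fields):
        raise ValueError("expected four fields: ID, name, IP, secret")
    agent_id, name, ip, secret = fields
    # Report only the secret's length so it never lands in logs or terminals.
    return {"id": agent_id, "name": name, "ip": ip, "secret_len": len(secret)}


def key_matches(pasted, agent_id, name, ip):
    """True only if the key decodes to the agent we intended to enrol."""
    info = parse_agent_key(pasted)
    return (info["id"], info["name"], info["ip"]) == (agent_id, name, ip)


# Constructed sample: same ID/name/IP as the session above, dummy secret.
SAMPLE_KEY = base64.b64encode(
    b"005 XL1-TRAN1 10.10.10.111 " + b"ab" * 32
).decode("ascii")

if __name__ == "__main__":
    print(parse_agent_key(SAMPLE_KEY))
    print(key_matches(SAMPLE_KEY, "005", "XL1-TRAN1", "10.10.10.111"))
```

Because the secret is recoverable from the key by plain base64 decoding, the extracted key deserves the same handling as a password while it travels from server to agent.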
live.bu@cardinfolink.com
1.
Subject: OSSEC and log installation
1 ossec
tar -xzvf ossec-hids-2.8.1.tar.gz
sh ./install.sh
After a successful installation
ps -ef | grep ossec (check the processes)
root 18813 1 0 09:56 ? 00:00:00 /var/ossec/bin/ossec-execd
ossec 18864 1 0 10:05 ? 00:00:00 /var/ossec/bin/ossec-agentd
root 18868 1 0 10:05 ? 00:00:00 /var/ossec/bin/ossec-logcollector
root 18872 1 0 10:05 ? 00:00:00 /var/ossec/bin/ossec-syscheckd
root 18881 17159 0 10:06 pts/1 00:00:00 grep ossec
If these processes are listed, the installation succeeded.
- 系统类型是 Redhat Linux.
- 修改启动脚本使 OSSEC HIDS 在系统启动时自动运行
- 已正确完成系统配置.
- 要启动 OSSEC HIDS:
/var/ossec/bin/ossec-control start
- 要停止 OSSEC HIDS:
/var/ossec/bin/ossec-control stop
- 要查看或修改系统配置,请编辑 /var/ossec/etc/ossec.conf
- 您必须首先将该代理添加到服务器端以使他们能够相互通信.
这样做了以后,您可以运行'manage_agents'工具导入
服务器端产生的认证密匙.
/var/ossec/bin/manage_agents
/etc/rc.local
/var/ossec/bin/ossec-control start
2. Log installation
/etc/syslog.conf
# Save boot messages also to boot.log
local7.* /var/log/boot.log
*.* @10.99.2.100