How to check OSSEC Server logs.

From khika
Jump to navigation Jump to search

How to check OSSEC Server logs.

1. To check the logs of your ossec server which is installed on your KHIKA Aggregator for debugging, You must need to go to the following directory: 

   /opt/ossec/logs

2. Become root user using the command "sudo su"
3. Go the the above mentioned directory using "cd /opt/ossec/logs" command.
4. Type " ls -ltrh " to list the files and directories present in the directory.
5. Type the following command to check the log file (ossec.log).

   tail -f ossec.log

6. Refer to the screenshot given below:
Win129.jpg
7. You can also open the file in the vi Editor the check for the occured issues. For this you may need to use the following command to open the log file of ossec server in vi editor: 

   vi ossec.log

8. This is how you can check the ossec server side logs.

Retrieved from "http://khika.com/wiki/index.php?title=How_to_check_OSSEC_Server_logs.&oldid=2343"