[osiris] How do I find a Log entry?

BobBenschneider at BigLots.com BobBenschneider at BigLots.com
Thu Jan 17 10:37:25 EST 2008 

I would focus on your syslog facility config.  Ensure the osiris management
deamon is configured to send the data to the proper syslog facility.  We
are doing this with success, but we are using a linux server as our mgmt
console, as we had problem with the Windows event logs for osiris scans.

Bob Benschneider
Sr. Information Protection Analyst
BigLots, Inc.
614-278-7217


                                                                           
             Reiner Kief                                                   
             <office at kief-onli                                             
             ne.de>                                                     To 
             Sent by:                  Osiris Users                        
             osiris-bounces at li         <osiris at lists.shmoo.com>            
             sts.shmoo.com                                              cc 
                                                                           
                                                                   Subject 
             01/17/2008 10:14          Re: [osiris] How do I find a Log    
             AM                        entry?                              
                                                                           
                                                                           
             Please respond to                                             
               Osiris Users                                                
             <osiris at lists.shm                                             
                  oo.com>                                                  
                                                                           
                                                                           




Hi.

Isn't there anybody who can help me?

> Well, I am not satisfied about my researches. The detected changes
> do not appear in the syslogs, even when osiris has found a change.
> F. i. the syslog only tells me sth. like this:
>
> 2008-01-16 11:07:06          User.Notice             127.0.0.1
Jan 16 11:07:06 svazdg006
> MSWinEventLog<009>1<009>Application<009>13900<009>Wed Jan 16
> 11:07:04 2008<009>0<009>osirismd<009>Unknown User<009>N/
> A<009>Information<009>SVAZDG006<009>None<009><009>Der Vorgang wurde
> erfolgreich beendet.  <009>12709
>
> even the osiris log found this:
>
> <Bild 1.png>
>
> In case the above screenshot doesn't come through:
> [203][svazdg006][new][c:\windows\osiris\osiris_test.txt]
>
> What is the reason for this? I have to see the changes in certain
> directories.
>
> For your further information:
> We are working for a payment service provider to get PCI
> compliance. The syslogs of all servers (Mac and Win) are sent to a
> Syslog-server (Kiwi). Kiwi scans the syslogs and sends emails to
> some admins in certain cases (wrong logins etc.). We want Osiris to
> send the detected changes to the syslog which is then scanned by
> Kiwi. We would like to have Kiwi as the central watch-point. We
> don't want to setup another email service besides that. Is that
> possible?
>

Reiner Kief
Software developer and IT-Consultant
Weinbergstrasse 45
63853 Moemlingen
Germany

office at kief-online.de
phone        +49 6022 681631
mobile             +49 160 7326056

VAT-ID: DE250520381

Member of www.die4DWerkstatt.de

http://www.linkedin.com/in/reinerkief


_______________________________________________
osiris mailing list
osiris at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/osiris

More information about the osiris mailing list