Hi everybody :)
I'm hoping that somebody out here has some tips and clues for me...
I've installed SEC into my system, and have set up the config files. I have successfully been able to watch over a logfile and print the results of the expected pattern.
But I want to have multiple instances of SEC running. Why? Well, because then I can have separate logfiles, pid-files and config for each logfile I want SEC to check. That makes it a lot easier when you are creating contexts and rules when you can follow up in separate logfiles. Much more efficient.
Here is my dilemma:
In /etc/default/sec (for RedHat/CentOS this is /etc/sysconfig/sec), I want to add more DAEMON_ARGS to the file:
Code:
#Defaults for sec
RUN_DAEMON="yes"
DAEMON_ARGS="-conf=/etc/sec/sec.fail2ban.conf -input=/var/log/fail2ban.log -pid=/var/run/sec.fail2ban.pid -detach -debug=6 -syslog=daemon -log=/var/log/sec.fail2ban.log"
In CentOS, this can easily be achieved by adding more "ARGS" to the line, like this:
Code:
SEC_ARGS[0]="-detach -conf=/etc/sec/sys/*.sec -input=/var/log/messages -log=/var/log/sec -intevents -pid=/var/run/sec.sys.pid"
SEC_ARGS[1]="-detach -conf=/etc/sec/mail/*.sec -input=/var/log/messages -log=/var/log/sec -intevents -pid=/var/run/sec.mail.pid"
Why doesn't this work with Ubuntu server?
I have tried multiple solutions and the end result is that the startup script says: "file not found" when added
Code:
DAEMON_ARGS[0]="-conf=xxxxxx
DAEMON_ARGS[1]="-conf=xxxxx
and so on.
I have also tried variables like this:
Code:
DAEMON_ARGS_1
DAEMON_ARGS_[1]
DAEMON_ARGS_sometext
...but none of them are successful.
Is there anyone out here who has set this up successfully and wouldn't mind giving me the recipe?
Some details about the OS:
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty
SEC (Simple Event Correlator) 2.7.5
Br
./ Michael
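Added example (not part of the original post and not the SEC package's own init script): on Ubuntu 14.04 /bin/sh is dash, which has no arrays, so a defaults file sourced by a /bin/sh script cannot contain `DAEMON_ARGS[0]=...`. The sketch below gets one SEC process per log file in plain POSIX sh by reading one options file per instance. It assumes the init script is run by /bin/sh; the `/etc/sec/instances/<name>.args` layout, the function names and the `SEC_BIN` path are hypothetical.

```shell
#!/bin/sh
# Added example: start one SEC process per instance file, POSIX sh only (no arrays).
# Assumed layout (hypothetical): $SEC_INSTANCE_DIR/<name>.args holds SEC options,
# e.g. fail2ban.args: -conf=/etc/sec/sec.fail2ban.conf -input=/var/log/fail2ban.log
SEC_BIN="${SEC_BIN:-/usr/bin/sec}"                       # assumed install path
SEC_INSTANCE_DIR="${SEC_INSTANCE_DIR:-/etc/sec/instances}"
SEC_PID_DIR="${SEC_PID_DIR:-/var/run}"

# Print the names of all defined instances, one per line.
sec_instances() {
    for f in "$SEC_INSTANCE_DIR"/*.args; do
        [ -f "$f" ] || continue          # no match: the glob stays literal, skip it
        basename "$f" .args
    done
}

# Return 0 if instance $1 has a live process behind its pid file.
sec_running() {
    pidfile="$SEC_PID_DIR/sec.$1.pid"
    [ -s "$pidfile" ] && kill -0 "$(cat "$pidfile")" 2>/dev/null
}

# Start every instance that is not already running; print the names started.
# Instance names must not contain whitespace.
sec_start_all() {
    for name in $(sec_instances); do
        sec_running "$name" && continue
        # Drop comment lines, join the rest into one option string.
        args=$(grep -v '^[[:space:]]*#' "$SEC_INSTANCE_DIR/$name.args" | tr '\n' ' ')
        # $args is split into words on purpose; globbing is switched off so a
        # pattern such as -conf=/etc/sec/mail/*.sec reaches SEC unexpanded.
        set -f
        if "$SEC_BIN" $args -pid="$SEC_PID_DIR/sec.$name.pid" -detach; then
            echo "$name"
        fi
        set +f
    done
    return 0
}
```

Each instance gets its own pid file derived from the file name, so the `-pid` option is left out of the `.args` files.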