OSSEC Alert: OSSEC agent disconnected

This rule is part of a beta feature. To learn more, contact Support.

Classification:

attack

Tactic:

Technique:

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

The goal is to notify the administrator when the OSSEC agent got disconnected.

This rule lets you monitor whether the OSSEC agent got disconnected.

Check the log detected for the System: {{@syslog.hostname}}.
Check whether the {{@agent-name}} hosted on the IP {{@agent-ip}} is still disconnected or has recovered.
If the agent has disconnected unexpectedly, log in to the system and restart your agent to continue your analysis, or contact your administrator to take the necessary actions.