Hi,
please have you an idea to do with rsyslog?
Help.
Best regards
this the solution
# vim /etc/rsyslog.d/ossec.conf
i add these Three lines
$ModLoad imfile
$InputFileName /var/ossec/logs/archives/archives.log
if $msg contains 'alienvault' then /var/log/test.log
#/etc/init.d/rsyslog restart
so know i can see the logs of alienvault on
Dear support,
how can i forword logs contain a name_application expression from
archives.log to /var/log/myapplication.log
Best regards
On Fri, Nov 9, 2012 at 1:41 PM, rezgui mohamed rezgui...@gmail.com wrote:
Dear support,
how can i forword logs contain a name_application expression from
archives.log to /var/log/myapplication.log
Best regards
rsyslog? syslog-ng? This isn't really an OSSEC question.
but rsyslog worked on standart log file like syslog,mail.log not for the
log of ossec?