Hi Pavel,
Ossec by default only logs events that match at least one of our rules. To save
these application specific messages you would need to write a few rules for
them OR configure ossec to log everything (which isn't very practical and fast).
If you can give us a few samples of your logs we can help you with that. If you
want to log everything, you need to enable the "log_all" directive and
everything will be stored at /var/ossec/logs/events/events.log (instead of
alerts/alerts.log).
*again, enabling "log_all" can be very bad for your ossec performance :)
Hope it helps,
--
Daniel B. Cid
dcid ( at ) ossec.net
On 9/25/06, Smirnov, Pavel <[EMAIL PROTECTED]> wrote:
Sorry if I'm asking something that is really FAQ - just couldn't find an
obvious answer.
Question is - I need to preserve on the "server" _all_ events logged
from a Windows client tailing on a plain text file.
These text files can be a variety of SunOne standard and application
specific logs... i.e. I want multiple boxes to forward _all_ logs to my
central ossec server.
I included following configuration to the Windows client, ossec server
already logs messages from this host when they come from event logs. It
doesn't at the moment log anything that I would append to the
D:\Test.log...
<localfile>
  <location>D:\Test.log</location>
  <log_format>syslog</log_format>
</localfile>
Maybe I am just trying to misuse ossec?
Kind regards,
Pavel Smirnov.
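
Added example, not part of the original thread: the two server-side options described in the reply, written as configuration fragments. It assumes a standard /var/ossec install in which the option the reply calls "log_all" is spelled <logall> inside <global>, and local rules live in rules/local_rules.xml; rule id 100100 and the match string "SunOneApp" are constructed placeholders.

```xml
<!-- Option 1, server /var/ossec/etc/ossec.conf: archive every received
     event, whether or not a rule matches, to logs/events/events.log.
     This is the setting the reply warns is costly for performance. -->
<ossec_config>
  <global>
    <logall>yes</logall>
  </global>
</ossec_config>

<!-- Option 2, server rules/local_rules.xml: keep the default behaviour and
     add a rule so that only the application lines of interest are logged
     to alerts/alerts.log. Replace the placeholder match string with text
     that really appears in the lines the Windows agent forwards. -->
<group name="local,application,">
  <rule id="100100" level="3">
    <match>SunOneApp</match>
    <description>Application log line forwarded from Windows agent (constructed example)</description>
  </rule>
</group>
```

Restart the OSSEC server after either change so the new configuration is loaded.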