Hi Nicolas,
I think you will be happy to know that we added support for "globbed" file names on our newest version (1.0). So, for example, if you have a directory structure like this: /var/log/host1/xx.log, yy.log, zz.log /var/log/host2/xx.log, aa.log /var/log/hostn/bb.log Just add one entry in the localfile and it will monitor all your logs: <localfile> <log_format>syslog</log_format> <location>/var/log/host*/*.log</location> </localfile> *You can download the 1.0 beta from http://www.ossec.net/files/snapshots/ or wait a few more days for the official release. Hope it helps.. -- Daniel B. Cid dcid ( at ) ossec.net On 1/12/07, Nicolas Arias <[EMAIL PROTECTED]> wrote:
Hello Guys!!! Heres the thing: i have a centralized log server, and im loggin each box to a separated directory. I want ossec to parse the different log files in each directory. Theres a "generic" way to specify something like a recursive inclusion in the ossec config file?. Since i have multiple messages, mail, secure etc etc files (in different dirs) i dont really know how to config ossec to support this. Thanks!! Cheers!
