Resending.

-------- Original Message --------
Subject: Re: [ossec-list] RE: Syslog ossec
Date: Wed, 31 Jan 2007 20:17:16 -0500
From: Michael Starks <[EMAIL PROTECTED]>
To: [email protected]
References: <[EMAIL PROTECTED]>

Jeremy Melanson wrote:
> I did this because I wanted to save a copy of the incoming SysLog
> message into the Host's respective $HOST/syslog, as well as run them
> against OSSEC's PIX rules. I couldn't get OSSEC to use the PIX rules against
> a file-based syslog. *This may not be true with OSSEC 1.0. I just
> haven't had the time to test it.

I do something similar with syslog-NG, but I just have OSSEC (1.0) look at the local syslog files for dozens of servers and two firewalls (PIX). I'm currently monitoring about 300 log files. It was very easy to set up with the wildcard support, and has no problem with keeping up.
