Hi All,
I just have a quick question, I'm using syslog-ng to filter and log all the
traffic going to the box, storing it in folders and files based on the year,
the day and the month, so the file would be located in:
/var/log/syslog/YEAR/server/YEARMONTHDAY
So i have my block set up to find the files:
<localfile>
<log_format>syslog</log_format>
<location>/var/log/syslog/$YEAR/rsync/$YEAR$MONTH$DAY</location>
</localfile>
I know that the $YEAR $MONTH and $DAY parts don't work, but are there any
variables like that that will dynamically tell OSSEC the year day and month?
Thanks for your help!
~Zach
