Hi Zach, Ossec supports file names with the "strftime" format, so you could use "%y" for year, "%m" for month and "%d" for day:
<location>/var/log/syslog/%y/rsync/%y%m%d</location> For a list of all conversion values, take a look at the strftime manual page: http://www.openbsd.org/cgi-bin/man.cgi?query=strftime Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On 6/8/07, Zach Patrick <[EMAIL PROTECTED]> wrote: > Hi All, > > I just have a quick question, I'm using syslog-ng to filter and log all the > traffic going to the box, storing it in folders and files based on the year, > the day and the month, so the file would be located in: > > /var/log/syslog/YEAR/server/YEARMONTHDAY > > So i have my block set up to find the files: > > <localfile> > <log_format>syslog</log_format> > > <location>/var/log/syslog/$YEAR/rsync/$YEAR$MONTH$DAY</location> > </localfile> > > I know that the $YEAR $MONTH and $DAY parts don't work, but are there any > variables like that that will dynamically tell OSSEC the year day and month? > > Thanks for your help! > > ~Zach >
