Hello,

I'm looking for a solution to the issue that was discussed here: http://www.ossec.net/ossec-list/2007-August/msg00036.html

I get a lot of messages from OSSEC because it is applying a syslog rule to the Apache log:

Received From: sphynx->/var/log/apache2/access.log
Rule: 1003 fired (level 13) -> "Non standard syslog message (size too large)."
Portion of the log(s):
...

I need to have the Apache log in a format with the domain name first because of awstats (I think it is called Combined format). Is there any other solution than writing a rule that will ignore these messages? Are Apache's logs now properly analyzed?

I'm using OSSEC v1.4.

Thank you
Tomas
