Hi,
The way I would do is to just append these logs to any file that ossec
is already
monitoring. Say OSSEC is looking at /var/log/messages, I would just:
# cat /var/log/http/yourhttplog >> /var/log/messages
That would allow OSSEC to monitor all the entries (old ones). For it to monitor
the new ones, just add an entry for it at /var/ossec/etc/ossec.conf:
<localfile>
<log_format>apache</log_format>
<location>/var/log/apache/apache.log</location>
</localfile>
Hope it helps.
--
Daniel B. Cid
dcid ( at ) ossec.net
On Feb 20, 2008 8:23 AM, <[EMAIL PROTECTED]> wrote:
>
> Hi !
> I have a text tile that contains webserver log and i want to
> scan it with ossec to check few things. It will tell me few things
> like worm attack , scripting attack n things like that. How can i use
> it because i havent found that how do i scan a text file that contains
> log.
>
> Regards.
>
