Hi ! thanks for you help. yea i did that before got ur reply as i read the document. but i am confused that will it give me what i want i mean i am looking that the software scan the log and generate a output kind of thing in some file tell me about attacks etc. Secondly how can i get the report of all this checking i mean what command will display me its result.
On Thu, Feb 21, 2008 at 1:03 AM, Daniel Cid <[EMAIL PROTECTED]> wrote: > > Hi, > > The way I would do is to just append these logs to any file that ossec > is already > monitoring. Say OSSEC is looking at /var/log/messages, I would just: > > # cat /var/log/http/yourhttplog >> /var/log/messages > > > That would allow OSSEC to monitor all the entries (old ones). For it to > monitor > the new ones, just add an entry for it at /var/ossec/etc/ossec.conf: > > <localfile> > <log_format>apache</log_format> > <location>/var/log/apache/apache.log</location> > </localfile> > > > Hope it helps. > > > -- > Daniel B. Cid > dcid ( at ) ossec.net > > On Feb 20, 2008 8:23 AM, <[EMAIL PROTECTED]> wrote: > > > > Hi ! > > I have a text tile that contains webserver log and i want to > > scan it with ossec to check few things. It will tell me few things > > like worm attack , scripting attack n things like that. How can i use > > it because i havent found that how do i scan a text file that contains > > log. > > > > Regards. > > >
