Dear Mailing List,

I am trying to connect the Shorewall logs with the OSSEC HIDS server.

Shorewall is installed on the Red Hat 9 box with the OSSEC 1.5 agent. It is monitoring the default log files:

    /var/log/messages
    /var/log/secure

The Shorewall logs are generated in the file /var/log/messages. After connecting to the server, it sends the normal OS logs (session opened, session closed, etc.) generated in /var/log/messages to the HIDS server, but not the firewall logs.

The ossec.conf file states:

    <localfile>
      <log_format>syslog</log_format>
      <location>/var/log/messages</location>
    </localfile>

I tried to change the config to:

    <localfile>
      <log_format>iptables-shorewall</log_format>
      <location>/var/log/messages</location>
    </localfile>

But after making this change the agent doesn't start and returns a config error.

Can anyone suggest where I am going wrong, or what the method is for attaching Shorewall logs? Any help would be highly appreciated.

Regards,
Gagan
