Not sure, will have to check; it's a Windows-based system I don't look after.
2008/11/4 Jeremy Melanson <[EMAIL PROTECTED]>:
>
> Does the ciscoworks server support breaking out the log messages into
> individual files? I have about 400 separate devices sending their SysLog
> messages to a central SysLog server, which is running Syslog-ng.
> Individual directories are created in my repository, based on the
> reverse-dns name of the sending host. I have OSSEC configured to watch
> "/var/log/syslog-ng/*/syslog", which means I don't have to reconfigure
> OSSEC for new SysLog directories.
> If for nothing else, it would save you a HUGE headache if you ever have
> to traverse the SysLogs yourself. I would highly recommend it.
>
> I'm not sure about the internal workings of OSSEC's log poller, but it
> may be safe to assume that you can then have multiple threads watching
> the data, instead of a single thread watching a single file.
> Anyone from the OSSEC Dev team care to comment?
>
> Roch wrote:
>> I have a ciscoworks windows server which captures logs from all
>> network devices. Now the concern I have is the syslog file on this
>> server is 15gb. If I include this file in the ossec agent rules I fear
>> it will grind to a halt. Has anyone got experience of this?
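
The per-host layout described in the quoted reply, sketched as a syslog-ng configuration. This is an added example and not a configuration posted by anyone in the thread. The names `s_net` and `d_per_host`, the UDP/514 listener and the permission values are assumptions; only the `/var/log/syslog-ng/*/syslog` path comes from the thread.

```conf
# Added example (not from the thread). Add the "@version:" line that
# matches your installed syslog-ng release at the top of the real file.

options {
    use_dns(yes);        # name each sender by reverse DNS of its source IP
    dns_cache(yes);      # avoid a resolver lookup for every message
    keep_hostname(no);   # ignore the hostname claimed inside the message,
                         # so a device cannot choose its own directory name
};

# Assumed listener: plain UDP syslog from the network devices.
source s_net { udp(ip(0.0.0.0) port(514)); };

# One directory per sending host, one "syslog" file inside it.
destination d_per_host {
    file("/var/log/syslog-ng/$HOST/syslog"
         create_dirs(yes)    # create the host directory on first message
         dir_perm(0750)      # assumed permissions: no world access to logs
         perm(0640));
};

log { source(s_net); destination(d_per_host); };

# Matching OSSEC entry (ossec.conf), using the wildcard path from the thread:
#
#   <localfile>
#     <log_format>syslog</log_format>
#     <location>/var/log/syslog-ng/*/syslog</location>
#   </localfile>
```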
