At least you have to configure Rsyslog like in this example (option RSYSLOG_TraditionalFileFormat) to enforce a standard syslog timestamp:

    ...
    *.info;mail.none;authpriv.none;cron.none    /var/log/messages;RSYSLOG_TraditionalFileFormat

    # The authpriv file has restricted access.
    authpriv.*    /var/log/secure;RSYSLOG_TraditionalFileFormat

    # Log all the mail messages in one place.
    mail.*    -/var/log/maillog;RSYSLOG_TraditionalFileFormat
    ...

    # All inside MySQL
    ################################
    *.* :ommysql:myhost,Syslog,myuser,mypassword
    ###############################################################

So logs are stored locally and on the remote Rsyslog DB, and the ossec agents can still understand these logs because of that option.

ciao,
Fabio

Daniel Cid wrote:
> Hi,
>
> Right now you can't monitor them directly from the database, but if
> you can configure rsyslog to dump those to another log file (or pipe)
> ossec can certainly monitor them.
>
> Our plan for the next version is to add direct database monitoring, so
> later you can switch to it.
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
> On Thu, Mar 26, 2009 at 12:47 PM, polloxx <[email protected]> wrote:
>
>> Dear list,
>>
>> We want to start using ossec for log analysis with rsyslog messages
>> which are dropped in a mysql database. These log messages come from
>> different devices: mail servers, firewalls, web servers, name servers,
>> etc etc.
>> Is this possible? Can I find a tutorial for that?
>>
>> Thank you,
>> P
>>
>>
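The point of the RSYSLOG_TraditionalFileFormat template above is that the local files keep the classic "Mon DD HH:MM:SS host tag[pid]: message" layout, whereas rsyslog's default file template writes an RFC 3339 high-precision timestamp that a traditional syslog decoder will not match. The script below is an added example, not part of this thread and not OSSEC's or rsyslog's own code: it is a small audit that reads log lines and reports any that are not in the traditional layout, so you can verify a file before pointing an agent at it. The regular expressions, function names and the sample lines are assumptions constructed for the example.

```python
import re

# Traditional BSD syslog layout as written by the RSYSLOG_TraditionalFileFormat
# template: "Mar 26 12:47:01 host tag[pid]: message". The pattern is an
# assumption for this example, not OSSEC's decoder.
TRADITIONAL = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

# rsyslog's default file template instead starts each line with an RFC 3339
# high-precision timestamp such as "2009-03-26T12:47:01.123456+01:00".
HIGH_PRECISION = re.compile(
    r"^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d+)?(?:Z|[+-]\d\d:\d\d) "
)

# Constructed sample lines (hosts, PIDs and addresses are made up for the
# example): two in the traditional layout, one in the high-precision layout.
SAMPLE_LINES = [
    "Mar 26 12:47:01 mail01 postfix/smtpd[2143]: connect from unknown[192.0.2.10]",
    "2009-03-26T12:47:01.123456+01:00 mail01 postfix/smtpd[2143]: connect from unknown[192.0.2.10]",
    "Mar 26 12:47:02 fw01 kernel: DROP IN=eth0 SRC=198.51.100.7",
]


def classify(line):
    """Return which syslog file layout a line uses."""
    if TRADITIONAL.match(line):
        return "traditional"
    if HIGH_PRECISION.match(line):
        return "high_precision"
    return "unknown"


def parse_traditional(line):
    """Split a traditional-format line into its fields, or None if it does not match."""
    m = TRADITIONAL.match(line)
    return m.groupdict() if m else None


def audit(lines):
    """Return (index, layout) for every line that is NOT in the traditional layout.

    An empty result means the whole input is in the format the rsyslog
    template above produces, which is what a traditional syslog decoder expects.
    """
    problems = []
    for i, line in enumerate(lines):
        kind = classify(line.rstrip("\n"))
        if kind != "traditional":
            problems.append((i, kind))
    return problems


if __name__ == "__main__":
    for idx, kind in audit(SAMPLE_LINES):
        print(f"line {idx}: {kind} timestamp, not traditional: {SAMPLE_LINES[idx]}")
    for line in SAMPLE_LINES:
        fields = parse_traditional(line)
        if fields:
            print(fields["host"], fields["tag"], fields["pid"], fields["msg"])
```

Run it against an actual file with `audit(open("/var/log/messages").readlines())`; a non-empty result tells you which lines were written before the template option took effect, or by another output that does not use it.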
