On Thu, Oct 29, 2009 at 1:44 PM, Holger Gläß <[email protected]> wrote:
> hi
> thanks for the links , and yes syslog-ng and connected hosts are
> working well.
>
> at the moment my syslog-ng server receive from close to 30 hosts the
> logging messages and write it to an specific file.
>
> so how can i setup an seperate log file per hosts in ossec where he
> write the received log ?
>
> then i start my test again.
>
> holger
>
>
>
>
>
So you have something like syslog-ng logging HOST1's messages
to FILE1 and HOST2's messages to FILE2? And now you want to
make sure OSSEC is seeing every one of those FILEs?
If so, you'll have to create <localfile> entries for each of those files.
Something like:
<localfile>
<log_format>syslog</log_format>
<location>/var/log/FILE1</location>
</localfile>
HTH,
dan
