Hi, I have a centralized syslog-ng server collecting logs from all DMZ server. I'd like to pass all these informations to ossec 2.0.3 I've installed on the same machine (FreeBSD 7.2-p4 amd64), but syslog-ng prepends to every row 4 or 5 fileds (date and hostname), so that ossec is unable to apply specified rules to logs. Is there a tip/trick/config I use to let ossec understand these log files (and apply the right rules)?
Thanks in advance, -- d.
