Hello all,
Can OSSEC monitor log files that come and go throughout the day? In our environment we have some applications that log to a file for an hour, and then after that hour it starts logging to a new file and zips up the old one (hourly rotation). Since the log file names contain the date and the hour, I've configured OSSEC to monitor *.log in the directory in question, which is no problem since there's a directory dedicated to each application log and only one active log file in any given directory at any one time.

If there is an active log file at midnight, it seems OSSEC will monitor it for that hour, but it doesn't pick up on the new log file when it's created. Is it possible to monitor these logs with OSSEC? If so, what part of the configuration do I need to change to make it work?

Chris Kolb
Manager of Information Security
GDSX, Ltd.
Phone: 972-612-7121
Fax: 972-612-7021
