http://www.ossec.net/main/manual/manual-log-analysis/

The above link explains how to set up strftime variable files. /var/log/blah/file.%y-%m-%d-%H:%M.log for file.10-03-19-23:00.log (log file from 2010 March 19 at 23:00). I haven't tested the above. ;) "man strftime" should give you information on the variables.

On Fri, Mar 19, 2010 at 10:38 AM, Chris Kolb <[email protected]> wrote:
> Hello all,
>
> Can OSSEC monitor log files that come and go throughout the day? In our environment we have some applications that log to a file for an hour, and then after that hour it starts logging to a new file and zips up the old one (hourly rotation). Since the log file names contain the date and the hour, I’ve configured OSSEC to monitor *.log in the directory in question – which is no problem since there’s a directory dedicated to each application log and only one active log file in any given directory at any one time. If there is an active log file at midnight, it seems OSSEC will monitor it for that hour, but it doesn’t pick up on the new log file when it’s created.
>
> Is it possible to monitor these logs with OSSEC? If so, what part of the configuration do I need to change to make it work?
>
> Chris Kolb
> Manager of Information Security
>
> GDSX, Ltd.
> Phone: 972-612-7121
> Fax: 972-612-7021
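
The two `localfile` entries discussed in this thread, as an added example rather than configuration posted by either participant: the wildcard location from the question beside the strftime location from the reply. The `/var/log/blah` path is the reply's placeholder, and the `syslog` log format is an assumption that the application writes one plain-text event per line.

```xml
<!-- ossec.conf on the host that runs the application (added example) -->
<ossec_config>

  <!-- Before: the setup described in the question. The wildcard matched
       the log file that was active at the time, but the file created by
       the next hourly rotation was not picked up. -->
  <localfile>
    <log_format>syslog</log_format>  <!-- assumption: one event per line -->
    <location>/var/log/blah/*.log</location>
  </localfile>

  <!-- After: the location suggested in the reply. The file name is built
       from strftime variables instead of a wildcard:
         %y  two-digit year   (10)
         %m  month            (03)
         %d  day of month     (19)
         %H  hour, 00-23      (23)
         %M  minute           (00)
       so on 2010 March 19 at 23:00 it names file.10-03-19-23:00.log.
       Use one style or the other for a directory, not both, or the
       active file is read twice. -->
  <localfile>
    <log_format>syslog</log_format>  <!-- assumption: one event per line -->
    <location>/var/log/blah/file.%y-%m-%d-%H:%M.log</location>
  </localfile>

</ossec_config>
```

After changing the location, restart OSSEC and check ossec.log following the next rotation to confirm that the new file name is the one being read.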
