If you add the mysql logs to the ossec agent, it will pass the logs back to the ossec server for evaluation there. I haven't looked at mysql logs in a while, but I'm guessing it shouldn't be too tough to get it all working. You'd just add your rules to the ossec server and get alerts from it.
If I'm misunderstanding something, let me know. I'll finish my coffee before replying again. On Wed, Apr 28, 2010 at 10:29 PM, Barnaby Cockcroft <[email protected]> wrote: > I’m trying to figure out whether I can monitor my non-centralized mysqld.log > files using ossec agents? I’m just looking for some simple alerts for > instance when replication fails on a slave. But as far as I can see it’s not > possible to have rules on agents so I can’t see how I can match log lines or > use regular expressions like I can on the centralized syslog/ossec server. > Am I missing something really simple here? It seems as if I should be able > to do this without having to fall back to running sec on the db boxes. > Thanks in advance if anyone can set me straight, > Barnaby
