Hello everyone,
I have a general understanding of the ossec.conf files that are within
the agent and server. The one section I am a little unclear on is the
<localfile> section. I understand that you want log files in there. I know
that it scans through them, and you look at the ossec.log file to keep track
of everything, but how do you know if it is running properly? Will it run
through the scan process on the restart of the server/agent, go through and
look through the daily reports that are related to the localfiles, and when
it's finished, stop scanning?
Thank you
Michael