Check the documentation (the localfile section of the general configuration
options in the manual), there is a limited amount of globing you can do in the
localfile configs.
-----Original Message-----
From: Nikolaidis Fotis
Sent: 07/23/2010 12:56:00 PM
Subject: [ossec-list] Ossec directory monitoring
Hello.
Is it possible for ossec to monitor the logs of a directory without
writing a rule explicitly for every file ?
For example i have
DirA
DirB DirC DirD
100Logs 200 Logs N logs
Instead of writing
<localfile>
<log_format>syslog</log_format>
<location>/DirA/DirB/messages</location>
</localfile>
is it possible to write
<localDir>
<log_format>syslog</log_format>
<location>/DirA/</location>
</localDir>
?
Regards, Fotis
--
telnet towel.blinkenlights.nl
