Hi,

In the documentation: http://www.ossec.net/doc/syntax/head_ossec_config.localfile.html

There's an option called "localfile.command". However, it doesn't seem like it's very well documented. Can anyone clarify what the option is supposed to do?

What I'm trying to do is filter /var/log/messages using a grep statement, since this one server's /var/log/messages has other servers' logs as well. Naturally, OSSEC detects the errors twice (once on the original server and once on this server). I want to filter /var/log/messages before OSSEC goes through it looking for errors.

Thanks in advance.

--
Hac Phan
Unix System Administrator
Network & Infrastructure, RSSP-IT
UC Berkeley
