From the short description, "The command to run a all output will be read as a log file.," it seems like you can now have OSSEC audit any commands that are run in the shell?

Can someone please clarify further? I am also interested to know exactly what this does.

On Fri, Oct 15, 2010 at 11:35 AM, Hac Phan <[email protected]> wrote:

> Hi,
>
> In the documentation:
> http://www.ossec.net/doc/syntax/head_ossec_config.localfile.html
>
> There's an option called "localfile.command". However, it doesn't seem like
> it's very well documented. Can anyone clarify what the option is supposed to do?
>
> What I'm trying to do is filter /var/log/messages using a grep statement
> since this one server's /var/log/messages has other servers' logs as well.
> Naturally, OSSEC detects the errors twice (one on the original server and one
> on this server). I want to filter /var/log/messages before OSSEC goes through
> it looking for errors.
>
> Thanks in advance.
>
> --
> Hac Phan
> Unix System Administrator
> Network & Infrastructure, RSSP-IT
> UC Berkeley
