Brilliant Idea :) Thanks,
-Saket On Fri, Dec 31, 2010 at 1:43 PM, dan (ddp) <[email protected]> wrote: > On Fri, Dec 31, 2010 at 1:35 PM, Jason 'XenoPhage' Frisvold > <[email protected]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > On Dec 30, 2010, at 7:44 PM, dan (ddp) wrote: > >> Have ossec read the active-response.log file? > >> > >> <localfile> > >> <log_format>syslog</log_format> > >> <location>/var/ossec/logs/active-response.log</location> <!-- or > >> whever it is --> > >> </localfile> > >> > >> It's not elegant, but should work. > > > > > > You! With your inescapable logic! > > > > ... > > > > Thanks. :) I should have thought of that... :P > > > > :) > > If you're using syslog-ng you can read the logs from the file: > http://www.syslog.org/logged/reading-logs-from-a-file-in-syslog-ng/ > > Or with rsyslog: > http://www.rsyslog.com/doc/imfile.html > > > > - --------------------------- > > Jason 'XenoPhage' Frisvold > > [email protected] > > - --------------------------- > > "Any sufficiently advanced magic is indistinguishable from technology." > > - - Niven's Inverse of Clarke's Third Law > > > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG/MacGPG2 v2.0.14 (Darwin) > > > > iEYEARECAAYFAk0eInIACgkQ8CjzPZyTUTTDoQCfWMur9kTtorfLI5YXzF/SNJtM > > qLQAn0UvoQAWZVDUvD8eMqaTED9JyFY9 > > =S+qG > > -----END PGP SIGNATURE----- > > >
