Hi, I am trying to consolidate the active-responses.log and the ossec.log using the workaround provided in the thread. I have configured a syslog export of logs. So as of now all the alerts.log is being exported to the syslog server. But for some reason the other files are not being sent.
I have included the following in the ossec.conf file:

    <syslog_output>
      <server>x.x.x.x</server>
    </syslog_output>

    <localfile>
      <location>/var/ossec/logs/ossec.log</location>
      <log_format>syslog</log_format>
    </localfile>

    <localfile>
      <location>/var/ossec/logs/active-responses.log</location>
      <log_format>syslog</log_format>
    </localfile>

I checked the ossec.log file and it clearly says: Analysing File: '/var/ossec/logs/active-responses.log' and '/var/ossec/logs/ossec.log'

But, whatever is being written to these 2 files is not being exported or written to the alerts.log. Is there anything wrong in my configuration or am I missing something here?

Please advise.

Thanks,
Saket
