Alerts.log only gets alerts. The syslog client in ossec only sends alerts. Not 
all log messages will get forwarded from the manager to an external syslog 
server.


-----Original Message-----
From: Saket
Sent:  01/04/2011 6:49:57 PM
Subject:  [ossec-list] Consolidating ossec.log and active-responses.log into 
alert.log and exporting it to a syslog server

Hi,

I am trying to consolidate the active-responses.log and the ossec.log
using the workaround provided in the thread. I have configured a
syslog export of logs. So as of now all the alerts.log is being
exported to the syslog server. But for some reason the other files are
not being sent.


I have included the following in the ossec.conf file:

<syslog_output>
<server>x.x.x.x</server>
</syslog_output>

<localfile>
<location>/var/ossec/logs/ossec.log</location>
<log_format>syslog</log_format>
</localfile>

<localfile>
<location>/var/ossec/logs/active-responses.log</location>
<log_format>syslog</log_format>
</localfile>

I checked the ossec.log file and it clearly says:

Analysing File: '/var/ossec/logs/active-responses.log' and
 '/var/ossec/logs/ossec.log'

But whatever is being written to these 2 files is not being exported
or written to the alerts.log.

Is there anything wrong in my configuration or am I missing something
here?

Please advise.

Thanks,
Saket

