Hi Saket,

On Wed, Jan 12, 2011 at 9:14 PM, Saket <[email protected]> wrote:
> Hi,
>
> I noticed that when I send alerts to a syslog server all the logs show
> up in the following format:
>
> Date Time Hostname ossec: Alert Level ............etc
>
> I need to know if it's possible to change ossec: to something else?
> Looks like every log has this static text and I want to know if we can
> change that?
>
> and is it possible to include the year in the date?
>
> Here is a typical log:
>
> Jan 7 11:34:25 ossecserver ossec: Alert Level: 4; Rule: 11 - Excessive number of events (above normal).; Location: ossecserver->rootcheck; The average number of logs between 11:00 and 12:00 is 114. We reached 365.
>
> Thanks,
> Saket
>
I don't think there are any configuration changes you can make to change this. You'd have to modify the source: https://bitbucket.org/dcid/ossec-hids
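
The following is an added example, not part of the original messages and not OSSEC code: a receiver-side parser for the alert line quoted above that infers the missing year and re-emits the line with a different tag, leaving OSSEC itself unmodified. The field layout is assumed from that single sample line, and the function names and the `hids` tag are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the alert line quoted in the question, unwrapped.
SAMPLE = ("Jan 7 11:34:25 ossecserver ossec: Alert Level: 4; Rule: 11 - "
          "Excessive number of events (above normal).; Location: "
          "ossecserver->rootcheck; The average number of logs between "
          "11:00 and 12:00 is 114. We reached 365.")

# Layout assumed from the one sample line; other alerts may differ.
ALERT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<tag>[^:\s]+): Alert Level: (?P<level>\d+); "
    r"Rule: (?P<rule>\d+) - (?P<desc>.*?); "
    r"Location: (?P<location>.*?); (?P<msg>.*)$", re.S)

def infer_year(ts, received):
    """The syslog timestamp has no year: use the receiver's year, or the
    previous one if that would put the event in the future (a Dec 31
    alert processed on Jan 1)."""
    # Parse against a leap year so "Feb 29" is accepted, then set the year.
    parsed = datetime.strptime("2000 " + " ".join(ts.split()),
                               "%Y %b %d %H:%M:%S")
    for year in (received.year, received.year - 1):
        try:
            candidate = parsed.replace(year=year)
        except ValueError:  # Feb 29 in a non-leap year
            continue
        if candidate <= received + timedelta(days=1):  # tolerate clock skew
            return candidate
    raise ValueError(f"cannot place {ts!r} near {received}")

def parse_alert(line, received):
    """Split one alert line into fields; 'time' is a full datetime."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        raise ValueError("not an OSSEC syslog alert line")
    alert = m.groupdict()
    alert["time"] = infer_year(alert.pop("ts"), received)
    alert["level"], alert["rule"] = int(alert["level"]), int(alert["rule"])
    return alert

def rewrite(line, received, tag="ossec"):
    """Re-emit the alert with an ISO 8601 timestamp and a chosen tag."""
    a = parse_alert(line, received)
    return (f"{a['time'].isoformat()} {a['host']} {tag}: "
            f"Alert Level: {a['level']}; Rule: {a['rule']} - {a['desc']}; "
            f"Location: {a['location']}; {a['msg']}")

if __name__ == "__main__":
    print(rewrite(SAMPLE, datetime(2011, 1, 12, 21, 14), tag="hids"))
```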
