So I noticed in a new install that the files are automatically chosen for localfile log analysis based on currently existing logs...at least that what appears to be the case. If that is the case is there a way to re-run this scan? I've tried reinstalling and that didn't do it. The reason I ask this is there are sometimes new services added to our servers that we are not made aware of. As an example Apache was loaded on one of our servers that is running an OSSEC Agent but we were not aware of it. If it had existed when I originally installed OSSEC it would have configured those log files to be monitored. Since it was after the fact and I was unaware it was added it is unfortunately not. I know you can manually add them to the agent file but for the services added that we're not aware of that may not happen right away.
What I'm curious about is whether or not you can run the scan again to look for the local files and automatically update the ossec.conf file on the agent to now monitor those files as well. If so, then I can just create a cron job to perform that scan every evening and I'll never be missing the logs for new services that OSSEC monitors by default. It's late and I hope I made this question make sense....Thanks in advance for any input or assistance!
