Hi Dan,

I have the following line in my syslog.conf (send all messages to logserver1, which is Splunk):

*.* @logserver1

I have checked my /var/log/messages and /var/log/secure and it looks like syslog has stopped appending logs to the local files. How do I enable it? I want both options, local and remote syslog.

-Satish

On Mon, Feb 28, 2011 at 2:36 PM, dan (ddp) <[email protected]> wrote:
> Hi Satish,
> Do these systems log to both a local file and a remote syslog system?
> If so, they can easily parse the local log files without issues.
> I have a number of systems set up this way.
>
> On Thu, Feb 24, 2011 at 3:34 PM, satish patel <[email protected]> wrote:
>> Hi All,
>>
>> In our network we have a Splunk centralized log server for all
>> Linux/Unix boxes. We have configured syslog to send all logs to Splunk.
>> Now I am planning to install OSSEC on all Unix/Linux boxes, so the question
>> is how the OSSEC agent will parse log files while those boxes are sending logs
>> to the Splunk server via syslog?
>>
>> How do I configure Splunk vs OSSEC log monitoring?
>>
>> -Satish
>>
>
