Hi,

The log file info that you are seeking is obvious and is defined in the ossec.conf. Obvious in the sense that for Unix, it will be /var/log/messages, /var/log/authlog, /var/log/sulog, and so on. Also, in the case of Windows, it is configured to monitor only the app, security and system log files.
Regards
Tanishk Lakhaani
Sent from BlackBerry® on Airtel

-----Original Message-----
From: Shaikat Majumdar <[email protected]>
Sender: [email protected]
Date: Mon, 07 Mar 2011 15:49:54
To: ossec-list<[email protected]>
Reply-To: [email protected]
Subject: [ossec-list] Does OSSEC pre-decoding provide a way to glean the log filename

Does OSSEC pre-decoding provide a way to glean the log filename causing an alert? If not, can this be done using a custom-defined decoder?

--
Shaikat Majumdar
Millburn Ridgefield Corporation
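An added example, not part of the original messages and not OSSEC's own code: it lists the log sources an ossec.conf monitors by reading its `<localfile>` entries, which is where the reply above says they are defined. The sample configuration is constructed, the function name `monitored_logs` is hypothetical, and the file is assumed to carry no XML declaration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the thread. A real ossec.conf may hold
# several <ossec_config> blocks, so it is not one well-formed XML document.
SAMPLE_CONF = """
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/authlog</location>
  </localfile>
</ossec_config>
<ossec_config>
  <!-- Windows agent style entry -->
  <localfile>
    <log_format>eventlog</log_format>
    <location>Security</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
  </localfile>
</ossec_config>
"""

def monitored_logs(conf_text):
    """Return (location, log_format) for every <localfile> with a location."""
    # Wrap in a synthetic root so multiple <ossec_config> blocks parse.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    entries = []
    for localfile in root.iter("localfile"):
        location = (localfile.findtext("location") or "").strip()
        log_format = (localfile.findtext("log_format") or "").strip()
        if not location:
            continue  # incomplete entry: no log source to report
        entries.append((location, log_format))
    return entries

if __name__ == "__main__":
    for location, log_format in monitored_logs(SAMPLE_CONF):
        print(f"{log_format:10} {location}")
```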
