Hi all..

So I have a way to do this using ossec to funnel all log-file data to
a database - (encrypted logfile transmission), but, I was wondering if
anyone might have an idea for a generic "syslog" rule that would allow
you to monitor a file in "syslog" format and just tell analysisd to
essentially "alert" on every entry - which allows you to stuff that
alert into a DB?

The reason for this is to have OSSEC act like both a HIDS and as a
centralized log file management tool.. Of course you could reduce the
alert level so it does not really "alert" but just drops the record
into a database...

Thoughts/comments?

-Kat
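One way to set up the catch-all Kat describes, added here as an example and not part of the original post: a local rule that matches any line decoded as syslog at a low alert level, plus the ossec.conf fragment that sends alerts to a database. The rule id 100100, the group name, the alert level and the database host and credentials are assumptions to adapt; the database output also has to be compiled in and enabled on the manager.

```xml
<!-- File 1 (assumed location): /var/ossec/rules/local_rules.xml
     A low-level catch-all so every syslog-format line becomes an alert record.
     Rule id 100100 and the group name are illustrative choices for the local range. -->
<group name="local,syslog,">
  <rule id="100100" level="1">
    <!-- only lines the decoders classify as syslog-category logs -->
    <category>syslog</category>
    <!-- OSSEC regex: "\." is any single character, "+" one or more,
         so this matches every non-empty log line -->
    <regex>\.+</regex>
    <description>Catch-all: record every syslog entry in the alert DB.</description>
  </rule>
</group>

<!-- File 2 (fragment): /var/ossec/etc/ossec.conf
     The alert level above must not be below log_alert_level, or the
     record is dropped before it reaches the database writer. -->
<ossec_config>
  <alerts>
    <log_alert_level>1</log_alert_level>
  </alerts>
  <!-- database_output requires OSSEC built with DB support, then:
       /var/ossec/bin/ossec-control enable database   (then restart) -->
  <database_output>
    <hostname>db.example.internal</hostname>  <!-- placeholder host -->
    <username>ossec</username>                <!-- placeholder -->
    <password>CHANGE_ME</password>            <!-- placeholder -->
    <database>ossec</database>
    <type>mysql</type>
  </database_output>
</ossec_config>
```

Caveat for checking coverage: OSSEC stops at the first rule that matches a line, so entries already claimed by a more specific rule (including level-0 rules that silence noise) never reach this catch-all and will only be in the DB if that other rule's level also clears the threshold.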
