You can turn on the logall option on the manager, and then use
syslog-ng or rsyslog to read the resulting
/var/ossec/logs/archives/archives.log file.

On Thu, May 5, 2011 at 12:00 PM, Kat <[email protected]> wrote:
> Hi all..
>
> So I have a way to do this using ossec to funnel all log-file data to
> a database - (encrypted logfile transmission), but, I was wondering if
> anyone might have an idea for a generic "syslog" rule that would allow
> you to monitor a file in "syslog" format and just tell analysisd to
> essentially "alert" on every entry - which allows you to stuff that
> alert into a DB?
>
> The reason for this is to have OSSEC act like both a HIDS and as a
> centralized log file management tool.. Of course you could reduce the
> alert level so it does not really "alert" but just drops the record
> into a database...
>
> Thoughts/comments?
>
> -Kat
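The reply above covers the shipping side (logall on the manager, a syslog daemon tailing archives.log). The piece Kat actually asked for is getting each archived entry into a database, so here is an added example, not code from either poster or from the OSSEC project, that parses archives.log lines into structured records and loads them into SQLite. It assumes the archives.log line layout `YYYY Mon DD HH:MM:SS [(agent) ]host->location message`, which you should check against your own manager's output, and the sample lines are constructed for illustration. Malformed lines are skipped rather than crashing the loader, so a truncated write at the tail of the file does not stop the batch.

```python
import re
import sqlite3
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, Optional, Tuple

# Prerequisite on the manager (from the reply above): in ossec.conf set
#   <global><logall>yes</logall></global>
# so every received log line, alert or not, is written to
# /var/ossec/logs/archives/archives.log.

# ASSUMED layout of one archives.log line (verify against your manager):
#   "<YYYY> <Mon> <DD> <HH:MM:SS> [(<agent>) ]<host>-><location> <original log line>"
# The "(agent) ip" prefix appears for agent-sourced logs; manager-local
# logs carry just the hostname.
ARCHIVE_RE = re.compile(
    r"^(?P<year>\d{4}) (?P<mon>[A-Z][a-z]{2}) (?P<day>\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?:\((?P<agent>[^)]+)\) )?(?P<host>\S+)->(?P<location>\S+) (?P<msg>.*)$"
)


@dataclass
class ArchiveRecord:
    timestamp: str          # normalised to "YYYY-MM-DD HH:MM:SS"
    agent: Optional[str]    # OSSEC agent name, or None for manager-local logs
    host: str               # agent IP or manager hostname
    location: str           # source file or log channel on that host
    message: str            # the original log line, untouched


def parse_archive_line(line: str) -> Optional[ArchiveRecord]:
    """Parse one archives.log line; return None if it does not match the layout."""
    m = ARCHIVE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    # The archive timestamp is what the manager wrote, independent of the
    # (possibly unparseable) timestamp inside the original message.
    when = datetime.strptime(
        f"{m['year']} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
    )
    return ArchiveRecord(
        timestamp=when.strftime("%Y-%m-%d %H:%M:%S"),
        agent=m["agent"],
        host=m["host"],
        location=m["location"],
        message=m["msg"],
    )


def load_archives(lines: Iterable[str],
                  conn: Optional[sqlite3.Connection] = None) -> Tuple[sqlite3.Connection, int]:
    """Insert every parseable line into the ossec_archives table; return (conn, rows inserted)."""
    if conn is None:
        conn = sqlite3.connect(":memory:")  # hypothetical target; point at a real DB file in practice
    conn.execute(
        "CREATE TABLE IF NOT EXISTS ossec_archives ("
        "  id INTEGER PRIMARY KEY, ts TEXT NOT NULL, agent TEXT, host TEXT NOT NULL,"
        "  location TEXT NOT NULL, message TEXT NOT NULL)"
    )
    inserted = 0
    for line in lines:
        rec = parse_archive_line(line)
        if rec is None:
            continue  # skip partial/garbled lines instead of aborting the batch
        # Parameterised insert: the log body is attacker-influenced text and
        # must never be spliced into the SQL string.
        conn.execute(
            "INSERT INTO ossec_archives (ts, agent, host, location, message) VALUES (?, ?, ?, ?, ?)",
            (rec.timestamp, rec.agent, rec.host, rec.location, rec.message),
        )
        inserted += 1
    conn.commit()
    return conn, inserted


# Constructed sample lines in the assumed archives.log layout (not real captures).
SAMPLE_LINES = [
    "2011 May 05 12:00:00 (agent01) 10.0.0.5->/var/log/auth.log "
    "May  5 12:00:00 agent01 sshd[2345]: Accepted password for kat from 10.0.0.9 port 52345 ssh2",
    "2011 May 05 12:00:01 manager->/var/log/messages "
    "May  5 12:00:01 manager kernel: eth0: link up",
    "2011 May 05 12:00:0",  # truncated tail line, should be skipped
]

if __name__ == "__main__":
    db, n = load_archives(SAMPLE_LINES)
    print(f"inserted {n} rows")
    for row in db.execute("SELECT ts, agent, host, location FROM ossec_archives"):
        print(row)
```

For the live file, replace SAMPLE_LINES with the file object from `open("/var/ossec/logs/archives/archives.log")` and run the loader on a schedule, or keep the rsyslog/syslog-ng path from the reply and point this parser at whatever the daemon forwards.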