Have you looked at the logall option? http://www.ossec.net/main/manual/configuration-options

Regards,
--
Doug Burks, GSE, CISSP
President, Greater Augusta ISSA
http://augusta.issa.org
http://securityonion.blogspot.com

On Thu, May 5, 2011 at 12:00 PM, Kat <[email protected]> wrote:
> Hi all..
>
> So I have a way to do this using ossec to funnel all log-file data to
> a database - (encrypted logfile transmission), but, I was wondering if
> anyone might have an idea for a generic "syslog" rule that would allow
> you to monitor a file in "syslog" format and just tell analysisd to
> essentially "alert" on every entry - which allows you to stuff that
> alert into a DB?
>
> The reason for this is to have OSSEC act like both a HIDS and as a
> centralized log file management tool.. Of course you could reduce the
> alert level so it does not really "alert" but just drops the record
> into a database...
>
> Thoughts/comments?
>
> -Kat
