Just to add to what Dan Said, In my opinion, to split up ossec.conf file in 2 parts, will not be recommeded as thereafter it may be difficult to make out for the OSSEC Agent, which portion of the OSSEC Configuration File is to be looked at to parse the logs.
Regards Tanishk On Sat, Jun 11, 2011 at 3:36 AM, dan (ddp) <[email protected]> wrote: > These extras are ok. They won't affect anything. I generally clean > them up every 2 or 3 updates. > > On Fri, Jun 10, 2011 at 5:53 PM, treydock <[email protected]> wrote: > > I just noticed that after the 2.6-beta update there are some empty > > tags placed in my server's ossec.conf file. After the section for > > <localfile> I have the following ... > > > > > > 199 <localfile> > > 200 <log_format>syslog</log_format> > > 201 <location>/var/ossec/logs/active-responses.log</location> > > 202 </localfile> > > 203 > > 204 </ossec_config> > > 205 > > 206 <ossec_config> <!-- rules global entry --> > > 207 </ossec_config> <!-- rules global entry --> > > 208 > > 209 <ossec_config> <!-- rules global entry --> > > 210 </ossec_config> <!-- rules global entry --> > > 211 > > 212 <ossec_config> <!-- rules global entry --> > > 213 <rules> > > 214 <include>rules_config.xml</include> > > > > > > So now my configuration has two seperate <ossec_config> sections that > > actually have settings and two empty. Doesn't seem to effect > > functionality in any way. Is there a preferred method for organizing > > the ossec.conf file as far as whether to include everything inside a > > single <ossec_config> tag or to split it up into multiple? > > > > Thanks > > - Trey > -- Regards Tanishk Lakhaani
