On Mon, Jun 20, 2011 at 11:35 AM, SystemAli <[email protected]> wrote:
> Dan:
> Can you tell me how can we distinguish logs of different servers from the
> log file that are records on the Server?
> ...this is my main concern :(
>

Each entry will name the system the log message came from in the log.
By default OSSEC does not save all of the log messages; it only saves
alerts. If you want to save all log messages, you'll have to enable
the logall option.
Example:
2011 Jun 20 00:00:00 ix->/var/log/daemon Jun 19 22:45:08 ix
named[24167]: client 192.168.1.19#20121: transfer of 'example.org/IN':
AXFR started

"ix" is the system the log came from, and /var/log/daemon is the logfile
it was originally saved to.

If you're looking at alerts instead of log messages:
** Alert 1308542400.0: - syslog,named,
2011 Jun 20 00:00:00 ix->/var/log/daemon
Rule: 12128 (level 1) -> 'Zone transfer.'
Src IP: 192.168.1.19
Jun 19 22:45:08 ix named[24167]: client 192.168.1.19#20121: transfer
of 'example.net/IN': AXFR started

Again, "ix" is the system the log message originated on.

> On Mon, Jun 20, 2011 at 7:56 PM, SystemAli <[email protected]> wrote:
>>
>> Can you tell me, how can it help me in storing the logs of different
>> servers?
>> Thank you for your prompt response.
>>
>>
>> On Mon, Jun 20, 2011 at 7:43 PM, dan (ddp) <[email protected]> wrote:
>>>
>>> On Jun 20, 2011 10:08 AM, "SystemAli" <[email protected]> wrote:
>>> >
>>> > Okay, log messages. How can I distinguish messages from various servers?
>>> > How can I store them in different locations? Which file do I need to edit
>>> > to do all this?
>>> >
>>> > Basically I am confused about logging the logs and don't want to mix
>>> > them up in one.
>>>
>>> OSSEC can't really do this. You should look into using rsyslog or
>>> syslog-ng to accomplish this.
>>
>>
>> --
>> "Want to be a leader? Wash the Dishes When Nobody Else Will"
>
>
>
> --
> "Want to be a leader? Wash the Dishes When Nobody Else Will"
>
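
Added example (not part of the original thread and not OSSEC code): a Python script that splits archived log lines by the system named in the "host->logfile" header shown in the reply above. The header layout is taken from that one example line; the function names, the host "web1" and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Header in front of each archived event, as in the example in the reply:
#   "2011 Jun 20 00:00:00 ix->/var/log/daemon <original log line>"
# The source field is taken as everything up to the first "->".
ARCHIVE_RE = re.compile(
    r"^(?P<stamp>\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>.+?)->(?P<location>\S+) (?P<message>.*)$"
)

def parse_archive_line(line):
    """Return stamp/host/location/message as a dict, or None if no header."""
    m = ARCHIVE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def safe_name(host):
    """Make the source field usable as a file name. It comes from log data,
    so strip dots and path separators before building a path from it."""
    return re.sub(r"[^A-Za-z0-9_-]", "_", host) or "unknown"

def split_by_host(lines):
    """Group the original messages by originating system.
    Lines without a recognisable header are returned separately."""
    per_host, unparsed = defaultdict(list), []
    for line in lines:
        entry = parse_archive_line(line)
        if entry is None:
            if line.strip():
                unparsed.append(line)
            continue
        per_host[entry["host"]].append(entry["message"])
    return dict(per_host), unparsed

# Constructed sample: the first line is the example from the reply (unwrapped),
# the others are made up.
SAMPLE = [
    "2011 Jun 20 00:00:00 ix->/var/log/daemon Jun 19 22:45:08 ix "
    "named[24167]: client 192.168.1.19#20121: transfer of 'example.org/IN': AXFR started",
    "2011 Jun 20 00:00:05 web1->/var/log/auth.log Jun 20 00:00:04 web1 "
    "sshd[311]: Accepted publickey for deploy from 192.168.1.7 port 50022 ssh2",
    "2011 Jun 20 00:00:09 ix->/var/log/daemon Jun 20 00:00:08 ix "
    "named[24167]: zone example.org/IN: sending notifies",
    "line without an archive header",
]

if __name__ == "__main__":
    hosts, rejected = split_by_host(SAMPLE)
    for host, messages in sorted(hosts.items()):
        print(f"{safe_name(host)}.log: {len(messages)} message(s)")
    print(f"unparsed: {len(rejected)}")
```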
