On Tue, Jun 21, 2011 at 9:18 AM, SystemAli <[email protected]> wrote:
> Dan :
> I am willing to give you all the required information to resolve my
> problem.
> All I need to know is, How to handle events on the server from various
> agents, so that I am not confused which event belongs to which agent.
> I hope my query is much clearer this time :(
>

The log messages get sent from the agents to the manager. The manager decodes and analyzes the log messages. If an alert is generated it is saved to /var/ossec/logs/alerts/alerts.log, possibly emailed, and possibly sent via syslog to another system. If you have not set the logall option the log messages are discarded if they do not trigger an alert. If you are using the logall option the log messages are saved to /var/ossec/logs/archives/archives.log.

You can find out a bit more about the formatting of these log files in the following message:
http://marc.info/?l=ossec-list&m=130858497504847&w=2

Unless you have a new question, or decide to explain the problem you are having I'm done. Maybe someone else can help you more.

> On Tue, Jun 21, 2011 at 5:20 PM, dan (ddp) <[email protected]> wrote:
>>
>> On Jun 21, 2011 7:34 AM, "SystemAli" <[email protected]> wrote:
>> >
>> > Then how are we supposed to handle agents ? There must be a way ...it's
>> > bothering me too much..please clear the cloud here :(
>>
>> Since I seem to be missing a fundamental piece of information, and you
>> aren't very forthcoming I'll begin the handholding.
>> What problem are you trying to solve with this?
>
>
> --
> "Want to be a leader? Wash the Dishes When Nobody Else Will"
>
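
The question raised in this thread, which alert belongs to which agent, can be answered from alerts.log itself. The following is an added example, not part of the original messages or of OSSEC; it assumes the multi-line alerts.log layout in which the line after `** Alert` reads `(agent-name) ip->logfile` for agent events and `hostname->logfile` for the manager's own events, and the sample alerts and the function name `alerts_by_agent` are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample in the assumed alerts.log layout (not from the thread).
SAMPLE = """\
** Alert 1308647880.1001: - syslog,sshd,authentication_failed,
2011 Jun 21 09:18:00 (web01) 192.0.2.10->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Jun 21 09:17:59 web01 sshd[2211]: Failed password for root from 198.51.100.7 port 4242 ssh2

** Alert 1308647885.1420: - syslog,sudo
2011 Jun 21 09:18:05 manager->/var/log/auth.log
Rule: 5402 (level 3) -> 'Successful sudo to ROOT executed'
Jun 21 09:18:05 manager sudo: admin : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/ls

** Alert 1308647890.1833: - syslog,sshd,authentication_failed,
2011 Jun 21 09:18:10 (db01) 192.0.2.20->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Jun 21 09:18:09 db01 sshd[812]: Failed password for root from 198.51.100.7 port 4250 ssh2
"""

# Agent events: "(name) ip->location"; manager-local events: "hostname->location".
HEADER = re.compile(
    r"^\d{4} \w{3} +\d+ [\d:]{8} "
    r"(?:\((?P<agent>[^)]+)\) (?P<ip>\S+?)|(?P<local>\S+?))->(?P<location>.*)$"
)
RULE = re.compile(r"^Rule: (?P<id>\d+) \(level (?P<level>\d+)\) -> '(?P<desc>.*)'$")

def alerts_by_agent(text):
    """Group alerts by reporting agent; skip blocks that do not parse."""
    grouped = defaultdict(list)
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 3 or not lines[0].startswith("** Alert "):
            continue
        head, rule = HEADER.match(lines[1]), RULE.match(lines[2])
        if not head or not rule:
            continue
        grouped[head["agent"] or head["local"]].append({
            "agent_ip": head["ip"],  # None for the manager's own events
            "location": head["location"],
            "rule_id": int(rule["id"]),
            "level": int(rule["level"]),
            "event": "\n".join(lines[3:]),
        })
    return dict(grouped)

if __name__ == "__main__":
    for agent, alerts in alerts_by_agent(SAMPLE).items():
        print(agent, [(a["rule_id"], a["level"]) for a in alerts])
```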
