For the sake of clarity - Alerts get written to this one file. Not logs. To see alerts for a particular agent/host, run the ossec-reportd utility. It will parse the alert log file and show you alerts based on the filter criteria you've set.
On Thu, Jun 23, 2011 at 10:04 PM, SystemAli <[email protected]> wrote: > If all the logs get ridden to this one file, Then how do we extract the > logs for any individual agent ? > > Any tips on this please ? > > On Fri, Jun 24, 2011 at 6:28 AM, SystemAli <[email protected]> wrote: > >> Thank you Dan, > > > > > -- > "Want to be a leader? Wash the Dishes When Nobody Else > Will<http://thesash.me/wash-the-dishes-when-nobody-else-will> > " >
