Yes. assuming the format of your new file is also "syslog" On Tue, Jun 28, 2011 at 1:26 PM, SystemAli <[email protected]> wrote:
> So, That means if i need to add additional files to be monitored, all i > need to do is , Edit the *ossec.conf* on the agent by replace the * > LOCATION* tab with the location of the log file that i need to monitor ? > ...correct ? > > > <localfile> > <log_format>syslog</log_format> > *<location>/var/log/maillog</location>* > </localfile> > > Please clarify > > Thank you > > > > On Mon, Jun 27, 2011 at 6:36 PM, Christopher Moraes <[email protected] > > wrote: > >> >> On Sat, Jun 25, 2011 at 1:45 PM, SystemAli <[email protected]> wrote: >> >>> Dan: >>> >>> that means all the logs to be monitored have to be entered in the agent >>> in the following location :-/var/ossec/etc/ossec.conf ? >>> >>> >> On the agent, there are 2 config files that are read in the following >> order - >> 1. /var/ossec/etc/ossec.conf and >> 2. /var/ossec/etc/shared/agent.conf >> >> The agent first reads the ossec.conf file and then tries to read the >> agent.conf file (if it exits). Log files specified in ossec.conf and >> agent.conf will be monitored. If you are making changes for a specific >> agent, make your changes in ossec.conf and not agent.conf, as agent.conf >> gets overwritten by the manager. >> >> >> > > > -- > "Want to be a leader? Wash the Dishes When Nobody Else > Will<http://thesash.me/wash-the-dishes-when-nobody-else-will> > " >
