Christopher: You got me confused now... I was about to add another container of the localfile with the exact details and changing the LOCATION...

What do I need to make sure if the format of my new file is syslog, and if it is NOT then what do I do?

Thank you for your assistance.

On Tue, Jun 28, 2011 at 11:01 PM, dan (ddp) <[email protected]> wrote:

>
> On Jun 28, 2011 1:28 PM, "SystemAli" <[email protected]> wrote:
> >
> > So, that means if I need to add additional files to be monitored, all I need to do is edit the ossec.conf on the agent by replacing the LOCATION tab with the location of the log file that I need to monitor? ...correct?
> >
> >
>
> Don't replace it, add a new localfile for the logfile you want to monitor.
>
> > <localfile>
> >   <log_format>syslog</log_format>
> >   <location>/var/log/maillog</location>
> > </localfile>
> >
> > Please clarify
> >
> > Thank you
> >
> >
> > On Mon, Jun 27, 2011 at 6:36 PM, Christopher Moraes <[email protected]> wrote:
> >>
> >> On Sat, Jun 25, 2011 at 1:45 PM, SystemAli <[email protected]> wrote:
> >>>
> >>> Dan:
> >>>
> >>> that means all the logs to be monitored have to be entered in the agent in the following location: /var/ossec/etc/ossec.conf ?
> >>>
> >>
> >> On the agent, there are 2 config files that are read in the following order -
> >> 1. /var/ossec/etc/ossec.conf and
> >> 2. /var/ossec/etc/shared/agent.conf
> >>
> >> The agent first reads the ossec.conf file and then tries to read the agent.conf file (if it exists). Log files specified in ossec.conf and agent.conf will be monitored. If you are making changes for a specific agent, make your changes in ossec.conf and not agent.conf, as agent.conf gets overwritten by the manager.
> >>
> >
> > --
> > "Want to be a leader? Wash the Dishes When Nobody Else Will"
>

--
"Want to be a leader? Wash the Dishes When Nobody Else Will" <http://thesash.me/wash-the-dishes-when-nobody-else-will>
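Added example, not part of the original thread and not OSSEC's own code: a Python sketch of the two points made above, that a new log is added as an extra localfile block rather than by editing an existing one, and that the agent monitors the localfile entries from ossec.conf and then agent.conf. The sample file contents, the /var/log/messages and /var/log/secure paths and the helper names are constructed for illustration; `<ossec_config>` and `<agent_config>` are assumed as the root elements of the two files.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape
# Constructed sample files and hypothetical helper names; read order as in the thread.
OSSEC_CONF = """<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
</ossec_config>
"""
AGENT_CONF = """<agent_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>
</agent_config>
"""

def localfiles(conf_text):
    """Return (log_format, location) for every <localfile> block in one file."""
    # These files may hold several top-level elements, so wrap them in one root.
    root = ET.fromstring("<wrap>" + conf_text + "</wrap>")
    return [(lf.findtext("log_format", "").strip(),
             lf.findtext("location", "").strip())
            for lf in root.iter("localfile")]

def monitored(ossec_conf, agent_conf=None):
    """All monitored logs: ossec.conf first, then agent.conf if it exists."""
    found = [("ossec.conf",) + e for e in localfiles(ossec_conf)]
    if agent_conf is not None:
        found += [("agent.conf",) + e for e in localfiles(agent_conf)]
    return found

def add_localfile(conf_text, log_format, location):
    """Append a new <localfile> block; existing blocks are left untouched."""
    if any(loc == location for _, loc in localfiles(conf_text)):
        return conf_text  # already monitored, nothing to add
    block = ("  <localfile>\n"
             f"    <log_format>{escape(log_format)}</log_format>\n"
             f"    <location>{escape(location)}</location>\n"
             "  </localfile>\n")
    head, sep, tail = conf_text.rpartition("</ossec_config>")
    if not sep:
        raise ValueError("no </ossec_config> closing tag found")
    return head + block + sep + tail

if __name__ == "__main__":
    print(monitored(add_localfile(OSSEC_CONF, "syslog", "/var/log/maillog"), AGENT_CONF))
```
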
