Chris:

When you say format, is this what you mean: /var/log/dmesg OR /var/log/btmp etc. etc.? These are the kind of files I intend to record...
Is there something that I'm missing?

On Tue, Jun 28, 2011 at 11:03 PM, Christopher Moraes <[email protected]> wrote:

> Yes, assuming the format of your new file is also "syslog"
>
> On Tue, Jun 28, 2011 at 1:26 PM, SystemAli <[email protected]> wrote:
>
>> So, that means if I need to add additional files to be monitored, all I
>> need to do is edit the *ossec.conf* on the agent by replacing the
>> *LOCATION* tab with the location of the log file that I need to monitor?
>> ...correct?
>>
>> <localfile>
>>   <log_format>syslog</log_format>
>>   *<location>/var/log/maillog</location>*
>> </localfile>
>>
>> Please clarify
>>
>> Thank you
>>
>> On Mon, Jun 27, 2011 at 6:36 PM, Christopher Moraes <[email protected]> wrote:
>>
>>> On Sat, Jun 25, 2011 at 1:45 PM, SystemAli <[email protected]> wrote:
>>>
>>>> Dan:
>>>>
>>>> that means all the logs to be monitored have to be entered in the agent
>>>> in the following location: /var/ossec/etc/ossec.conf ?
>>>>
>>> On the agent, there are 2 config files that are read in the following
>>> order -
>>> 1. /var/ossec/etc/ossec.conf and
>>> 2. /var/ossec/etc/shared/agent.conf
>>>
>>> The agent first reads the ossec.conf file and then tries to read the
>>> agent.conf file (if it exists). Log files specified in ossec.conf and
>>> agent.conf will be monitored. If you are making changes for a specific
>>> agent, make your changes in ossec.conf and not agent.conf, as agent.conf
>>> gets overwritten by the manager.
>>>
>>
>> --
>> "Want to be a leader? Wash the Dishes When Nobody Else Will"
>> <http://thesash.me/wash-the-dishes-when-nobody-else-will>
>

--
"Want to be a leader? Wash the Dishes When Nobody Else Will"
<http://thesash.me/wash-the-dishes-when-nobody-else-will>
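
The read order described in the quoted reply (ossec.conf first, then shared/agent.conf if present), as an added example that is not part of the original thread: a Python script that lists every <localfile> entry an agent would pick up from both files. The sample configs are constructed and the function names are hypothetical; it assumes each file is well-formed XML apart from holding several top-level blocks.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs, not taken from the thread.
OSSEC_CONF = """
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
</ossec_config>
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/maillog</location>
  </localfile>
</ossec_config>
"""
AGENT_CONF = """
<agent_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>
</agent_config>
"""

def localfiles(text, source):
    """Return (source, log_format, location) for each <localfile> block."""
    # A config may hold several top-level blocks, so wrap it in one root.
    root = ET.fromstring("<root>" + text + "</root>")
    return [(source,
             (lf.findtext("log_format") or "").strip(),
             (lf.findtext("location") or "").strip())
            for lf in root.iter("localfile")]

def monitored(ossec_text, agent_text=None):
    """Entries in read order: ossec.conf, then agent.conf if it exists."""
    # Attribute filters on <agent_config> are not evaluated here.
    entries = localfiles(ossec_text, "ossec.conf")
    if agent_text is not None:
        entries += localfiles(agent_text, "agent.conf")
    return entries

if __name__ == "__main__":
    for source, fmt, loc in monitored(OSSEC_CONF, AGENT_CONF):
        print(f"{source:11} {fmt:8} {loc}")
```

On a real agent, pass the contents of /var/ossec/etc/ossec.conf and, if it exists, /var/ossec/etc/shared/agent.conf to `monitored()`.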
