exim probably works, it logs in the syslog format I think. There's no specific decoder for it, so that might need to be written.
On Wed, Jun 29, 2011 at 3:04 PM, SystemAli <[email protected]> wrote:
> I was looking at the Supported logs at:
> http://www.ossec.net/wiki/Supported-Logs
> But this does not say anything about EXIM.
> Can anyone confirm if it can log exim as well?
>
> On Wed, Jun 29, 2011 at 7:55 AM, SystemAli <[email protected]> wrote:
>>
>> Dan:
>> Where can I find more info about the LOG_FORMAT container, as I need to
>> monitor SMTP and other services and am not exactly sure what to name them.
>>
>>
>> On Wed, Jun 29, 2011 at 12:19 AM, dan (ddp) <[email protected]> wrote:
>>>
>>> On Tue, Jun 28, 2011 at 2:33 PM, SystemAli <[email protected]> wrote:
>>> > Yes,
>>> > the first one is an Apache format. Do I need to change the LOG_FORMAT
>>> > for this? If yes, then what?
>>>
>>> <log_format>apache</log_format>
>>>
>>> > And yes, there were additional "</ossec_config>" in the file which I
>>> > have removed, but I still get the same error :(
>>> > Thank you once again
>>> >
>>>
>>> There's either an extra </ossec_config> still in the file, or the
>>> "<ossec_config" in the message you sent is causing the breakage.
>>> Feel free to send me the ossec.conf, I can try to read it for you.
>>>
>>> > On Tue, Jun 28, 2011 at 11:48 PM, dan (ddp) <[email protected]> wrote:
>>> >>
>>> >> Hi SystemAli,
>>> >>
>>> >> On Tue, Jun 28, 2011 at 2:10 PM, SystemAli <[email protected]>
>>> >> wrote:
>>> >> > Chris:
>>> >> > I edited the ossec.conf and added these containers in it:
>>> >> > <localfile>
>>> >> > <log_format>syslog</log_format>
>>> >> > <location>/usr/local/apache/logs/access_log</location>
>>> >> > </localfile>
>>> >>
>>> >> This is probably in the apache format
>>> >>
>>> >> > </ossec_config>
>>> >>
>>> >> This </ossec_config> tag seems to be in the wrong place.
>>> >>
>>> >> > <localfile>
>>> >> > <log_format>syslog</log_format>
>>> >> > <location>/usr/local/cpanel/logs/access_log</location>
>>> >> > </localfile>
>>> >>
>>> >> I haven't seen it, but I'm guessing this will also be in the apache
>>> >> format.
>>> >> Have you ever looked at the logs?
>>> >>
>>> >> > But when I restart ossec I get this error:
>>> >> > /var/ossec/bin/ossec-control start
>>> >> > Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)...
>>> >> > 2011/06/28 23:39:58 ossec-execd(1226): ERROR: Error reading XML file
>>> >> > '/var/ossec/etc/ossec.conf': XML ERR: Element not closed:
>>> >> > <ossec_config
>>> >> > (line 68).
>>> >> > Can you suggest how to resolve this?
>>> >> >
>>> >>
>>> >> Look at line 68 or above. Look for a line that says "<ossec_config"
>>> >> Or, check for an <ossec_config> without an </ossec_config>.
>>> >>
>>> >> Anything in a <> will need a corresponding </>.
>>> >
>>> >
>>> >
>>> > --
>>> > "Want to be a leader? Wash the Dishes When Nobody Else Will"
>>> >
>>
>>
>>
>> --
>> "Want to be a leader? Wash the Dishes When Nobody Else Will"
>
>
>
> --
> "Want to be a leader? Wash the Dishes When Nobody Else Will"
>
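Added example, not part of the original thread and not OSSEC's own code: a small Python checker for the tag-balance problem discussed above, reporting the line of every unmatched or unterminated tag in an ossec.conf-style file. The names check_tags, BROKEN and FIXED are hypothetical, and the sample config is constructed from the fragments quoted in the thread.

```python
import re

# "<name ...>" or "</name>"; the last group is empty when the ">" is missing.
TAG = re.compile(r"<(/?)([A-Za-z_][\w.-]*)([^<>]*)(>?)")

def check_tags(text):
    """Return sorted (line, message) pairs for every tag-balance problem."""
    # Blank out <!-- comments --> but keep their newlines so line numbers hold.
    text = re.sub(r"<!--.*?-->", lambda m: "\n" * m.group(0).count("\n"),
                  text, flags=re.S)
    problems, stack = [], []           # stack holds (name, line) of open tags
    for m in TAG.finditer(text):
        closing, name, attrs, end = m.groups()
        line = text.count("\n", 0, m.start()) + 1
        if not end:
            problems.append((line, f"<{closing}{name} is missing its '>'"))
        elif closing:
            if name not in [n for n, _ in stack]:
                problems.append((line, f"</{name}> has no open <{name}>"))
                continue
            # Anything opened after the matching tag was left unclosed.
            while stack[-1][0] != name:
                n, l = stack.pop()
                problems.append((l, f"<{n}> is not closed before </{name}>"))
            stack.pop()
        elif not attrs.endswith("/"):   # ignore self-closing <tag/>
            stack.append((name, line))
    problems += [(l, f"<{n}> is never closed") for n, l in stack]
    return sorted(problems)

# Constructed sample: the layout quoted in the thread, with a stray
# </ossec_config> between the two <localfile> blocks.
BROKEN = """\
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/usr/local/apache/logs/access_log</location>
  </localfile>
</ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/usr/local/cpanel/logs/access_log</location>
  </localfile>
</ossec_config>
"""
# Dropping the first (misplaced) closing tag balances the file again.
FIXED = BROKEN.replace("</ossec_config>\n", "", 1)

if __name__ == "__main__":
    for line, message in check_tags(BROKEN):
        print(f"line {line}: {message}")
```

The third case in the thread, an "<ossec_config" that never gets its ">", is reported on the line where the tag starts.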
