I've shown how each entry contains the location the original log message came from, so I'm not going through that again.
Here's an ossec-reportd command to show all alerts in the group authentication_success from the system named "ix":

    cat alerts.log | /var/ossec/bin/ossec-reportd -f group authentication_success -f location ix

I can't help you any more than that on this topic.

On Wed, Jun 29, 2011 at 1:31 PM, SystemAli <[email protected]> wrote:
> Dan,
> Since we have one log file for all the agents in the server manager, how is
> it that we can read or query the log file for just one agent via CLI mode?
>
> --
> "Want to be a leader? Wash the Dishes When Nobody Else Will"
>
