1. I'm assuming your audit.log file is on the same server as the mailbox.log, right?
2. Is OSSEC alerting on anything in the mailbox.log file? Can you test with another known alert and insert it into mailbox.log and verify that OSSEC is alerting on it? On Fri, Jul 8, 2011 at 10:50 AM, blacklight <[email protected]> wrote: > > I adjusted the time again and inserted the statement in audit.log: > > 2011-07-08 10:35:39,180 INFO [main] [] misc - version=7.1.1_GA_3213 > release=20110624102500 builddate=20110624-1027 buildhost=zre- > rhel4.eng.vmware.com <--- test by V. > > Note: OSSEC caught that event and published it as an alert, as seen > below > >
