On Wed, Aug 3, 2011 at 9:19 PM, Decker Christopher <[email protected]> wrote: > OSSECers, > I have two brief questions: > > I have OSSEC configured to write alerts to a DB. I've noticed that > the agents table is never populated (even though I have multiple agents > communicating with my Manager). Is this a bug? I did find a April 2010 > posting where someone reported the same symptoms and received only one > response--to have a cron job populate/maintain the table.
That table is not populated yet. > I have a log file that is created sporadically and always with the format > ldap-yyyymmdd. I've tried using both a wildcard and %Y%m%d in my local file > <location>, but neither approach seems to work unless the log file actually > exists when OSSEC starts. Did I overlook something when I tested (I assume > I did since OSSEC is obviously designed for log files), or is this really a > limitation? > This is supposed to work. It should look something like: <location>/var/log/ldap-%Y%m%d</location> > > > Thanks, > Chris
