Are the log messages being pulled in? (enable log_all, and make sure) Using ossec-logtest, do the log messages get decoded properly?
On Fri, Dec 16, 2011 at 2:17 PM, Kat <[email protected]> wrote: > Anyone have any idea why a "server" would ignore the localfiles for > monitoring? I have some alerts that SHOULD be triggering, but they do > not trigger on the server, only on agents. Yes, the config file is the > same. This is as simple as /var/log/secure being monitored for logins/ > failures/etc and they never trigger on the server. > > ? > -K
