On Mon, Dec 19, 2011 at 9:04 PM, Macus <[email protected]> wrote:
> It is just as easy as below to monitor OSSEC logs?
> <localfile>
>   <log_format>syslog</log_format>
>   <location>/var/ossec/logs/ossec.log</location>
> </localfile>
>

That should do it.

> Moreover, I have enabled the debug of the syscheck and agent. Will the
> log monitoring alert all log messages or just specific "error"
> messages?
>

Just log messages that trigger alerts. There isn't really an ossec.log tailed ruleset, so you'll mostly see 1002s.

> On Dec 17, 3:29 AM, "dan (ddp)" <[email protected]> wrote:
>> You can have ossec monitor its own logs.
>>
>> On Tue, Dec 13, 2011 at 11:15 PM, Macus <[email protected]> wrote:
>> > Is there any way to monitor the ossec server and agent? Like to
>> > capture any strange logs in the ossec.log.
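
A local rule set that makes the generic 1002 alerts from ossec.log easier to triage, added here as an example; it is not part of the thread or of OSSEC's shipped rules. It assumes rule 1002 is what fires on these lines and that OSSEC daemon lines contain an `ossec-` process name; the ids (100100, 100101), levels, group name and thresholds are arbitrary choices.

```xml
<!-- /var/ossec/rules/local_rules.xml on the manager (added example) -->
<group name="local,ossec_selfmon,">

  <!-- Child of the generic rule 1002: evaluated only after 1002 has
       matched, then narrowed to lines written by an OSSEC daemon
       (assumption: those lines contain "ossec-", e.g. ossec-syscheckd). -->
  <rule id="100100" level="7">
    <if_sid>1002</if_sid>
    <match>ossec-</match>
    <description>OSSEC daemon logged an error in ossec.log</description>
  </rule>

  <!-- Escalate when rule 100100 keeps firing within five minutes,
       which points at a persistent agent or manager problem rather
       than a one-off message. Thresholds here are assumed values. -->
  <rule id="100101" level="10" frequency="6" timeframe="300">
    <if_matched_sid>100100</if_matched_sid>
    <description>Repeated OSSEC daemon errors in ossec.log</description>
  </rule>

</group>
```

Sample ossec.log lines can be run through `/var/ossec/bin/ossec-logtest` to confirm which rule fires before the manager is restarted.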
