Only alerts go to the db. On Jun 15, 2012 5:44 PM, "Fred Sasse" <[email protected]> wrote:
> I am currently using the webui just fine in SLES11. I have ordered > the OSSEC-HIDS book and it is on its way. > > I have a dumb database question. > > I followed the directions to send output the mysql database here: > > http://www.ossec.net/doc/manual/output/database-output.html > > Everything seems to go OK with the mysql commands to do this. However, > I am not convinced that everything in the /var/ossec/logs is going to > the database. Is there a way to check this? My dumb question is > this: > > If database output is enabled, should everything that is in /var/ossec/ > logs also be in the mysql "ossec" database? > > I understand the webui does not use the database output, and only uses > the logs in /var/ossec/logs. That is fine with me.
