I have this error in ossec.log: ossec-analysisd: ERROR: read error on /queue/diff/ossecserver/535/last-entry
The only change I made to ossec was to /var/ossec/etc/ossec.conf, where I added
the following lines:
<localfile>
  <log_format>syslog</log_format>
  <location>/var/log/10.10.5.5/syslog.log</location>
</localfile>
Now on the web GUI, nothing shows up under latest events. Thoughts?
