Dear Dan > What did you set in the agent.conf file?
here is my /var/ossec/etc/shared/agent.conf: <agent_config> <localfile> <log_format>apache</log_format> <location>/var/log/nginx/error_log</location> </localfile> </agent_config> > Did the agent.conf file get transferred from the server to the agents? No, it didn't. I checked /var/ossec/etc/ossec-agent.conf, /var/ossec/etc/ossec.conf (symlink to ossec-agent.conf) and /var/ossec/etc/shared/ossec.conf > Did you restart the agent processes after the new agent.conf was transferred? agent.conf was not transferred but I tried to reatsrt it anyway. > Why do you think it isn't working? Modification time of *.conf files on agents is not changed. And conf files actually doesn't contain: <location>/var/log/nginx/error_log</location> пятница, 12 октября 2012 г., 16:35:27 UTC+4 пользователь dan (ddpbsd) написал: > On Fri, Oct 12, 2012 at 7:37 AM, kay kay <[email protected] <javascript:>> > wrote: > > I tried to follow the > > http://www.ossec.net/doc/manual/agent/agent-configuration.html manual > but > > agents doesn't get the configuration from shared directory > > (/var/ossec/etc/shared directory on server). > > > > Please use specifics. What did you set in the agent.conf file? Did the > agent.conf file get transferred from the server to the agents? Did you > restart the agent processes after the new agent.conf was transferred? > Why do you think it isn't working? > > > пятница, 12 октября 2012 г., 10:46:38 UTC+4 пользователь kay kay > написал: > >> > >> At the moment I use syslog-ng to collect logs from whole servers and > >> analyze them on ossec-server with decoders and rules. > >> > >> How can I configure ossec-server to avoid log collecting with > syslog-ng? > >> > >> I.e. I have two servers (ossec-agents) with nginx. I need to analyze > nginx > >> logs. Should I configure decoder and rule on each ossec-agents or I can > >> create one decoder and one rule on ossec-server and it will be > automatically > >> pushed to ossec-agents? > >
