On Nov 19, 2012, at 4:58 PM, Michael Starks wrote: > On 16.11.2012 11:44, Scott wrote: > >> However, I am not receiving all of the remote log entries. In fact, I >> only see a very small amount of the entries. > > Are you sure you're not seeing everything? OSSEC does not save all logs by > default; only those that escalate to an alert.
I have specified the log all option, and the same identical log entries via syslog (instead of the agent) show up.
