On Tue, Dec 11, 2012 at 6:20 AM, Roman K <[email protected]> wrote:
> Hi ALL. After upgrading ossec to the 2.7 release I try to check auditd logs.
>
> server side ossec.conf changes:
>
> <localfile>
> <log_format>auditd</log_format>
> <location>/var/log/audit/audit.log</location>
> </localfile>
>
> # service ossec restart
> Stopping OSSEC: [ OK ]
> Starting OSSEC: 2012/12/11 12:48:35 ossec-config(1235): ERROR: Invalid value
> for element 'log_format': auditd.
> 2012/12/11 12:48:35 ossec-config(1202): ERROR: Configuration error at
> '/var/ossec/etc/ossec.conf'. Exiting.
> 2012/12/11 12:48:35 ossec-logcollector(1202): ERROR: Configuration error at
> '/var/ossec/etc/ossec.conf'. Exiting.
>
> Does ossec really support the auditd-log format? What's wrong?

Sorry, I thought I had removed all references to that after the commit was reverted. Use syslog, the auditd stuff didn't work.
