On Dec 12, 2012 6:15 AM, "Sendil" <[email protected]> wrote:
>
> Hello Dan,
>
> below is the link I was referring to
> http://www.ossec.net/doc/manual/monitoring/index.html

Ok. I just wanted to make sure you didn't stumble on something unmaintained.

> I am using to gather java stack trace from the app server logs. Below
> is the syntax I have used but did not work.
>
> <localfile>
> <log_format>multi-line:50</log_format>
> <location>/var/log/resin/jvm-app-0.log</location>
> </localfile>
>

What error are you getting? I feel like that should work, although log lines may be truncated... and every log entry would have to be exactly 50 lines.

> In case you have any other reference links please guide me.
>
> Thank you.
>
> On Wed, Dec 12, 2012 at 4:27 PM, dan (ddp) <[email protected]> wrote:
> >
> > On Dec 12, 2012 5:49 AM, "Sendil" <[email protected]> wrote:
> >>
> >>
> >> Has anybody tried using the multi line command in ossec? If yes, please
> >> let me know the syntax used. I have followed the Wiki but could not get the
> >> result; instead the ossec-hids failed to start. I am using ossec version 2.6.
> >> My requirement is to grep 50 lines in the logs after the error is found.
> >> Currently I am only getting mails of the errors, but I have to get the stack
> >> trace for that error.
> >>
> >> Thanks in advance.
> >
> > I don't think there is a wiki, what examples were you using?
> >
> > What have you tried? Commands are generally pretty easy, I've contributed a
> > few examples to the list in the past.
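The point in the reply that every log entry would have to be exactly 50 lines can be seen with a small model of fixed-count grouping. This is an added example, not part of the thread and not OSSEC code; it assumes `multi-line:N` joins every N consecutive lines into one event, uses N = 4 in place of 50, and the sample log and function names are constructed for illustration.

```python
# Added illustration: a model of fixed-count line grouping, not OSSEC source code.
# Assumption: "multi-line:N" joins every N consecutive lines into one event,
# which is the behaviour the reply in the thread describes.

N = 4  # stands in for the 50 used in the thread, to keep the sample short

# Constructed sample log: stack traces of different lengths between normal lines.
SAMPLE_LOG = [
    "12:00:01 INFO  request served",
    "12:00:02 INFO  request served",
    "12:00:03 ERROR java.lang.NullPointerException",
    "    at com.example.Cart.total(Cart.java:42)",
    "    at com.example.Checkout.run(Checkout.java:17)",
    "12:00:04 INFO  request served",
    "12:00:05 ERROR java.lang.IllegalStateException",
    "    at com.example.Session.get(Session.java:88)",
    "    at com.example.Filter.doFilter(Filter.java:30)",
    "    at com.example.Server.handle(Server.java:12)",
]

def group_fixed(lines, n):
    """Return (events, pending): each event is n joined lines; pending is the
    incomplete tail that would wait for more lines before being emitted."""
    full = len(lines) - len(lines) % n
    events = [" ".join(s.strip() for s in lines[i:i + n]) for i in range(0, full, n)]
    return events, lines[full:]

def trace_spans(lines, marker="ERROR"):
    """Return (start, end) line indexes of each error plus its 'at ...' frames."""
    spans, i = [], 0
    while i < len(lines):
        if marker in lines[i]:
            j = i + 1
            while j < len(lines) and lines[j].lstrip().startswith("at "):
                j += 1
            spans.append((i, j - 1))
            i = j
        else:
            i += 1
    return spans

def split_traces(lines, n):
    """Spans whose first and last line fall into different n-line groups."""
    return [(a, b) for a, b in trace_spans(lines) if a // n != b // n]

if __name__ == "__main__":
    events, pending = group_fixed(SAMPLE_LOG, N)
    print(*events, sep="\n")
    print(len(pending), "lines pending; split traces:", split_traces(SAMPLE_LOG, N))
```

With traces of varying length, both errors in the sample end up with their frames spread over two events, and the last two lines stay pending until more log lines arrive.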
