On Thu, Jan 24, 2013 at 7:19 AM, C. L. Martinez <[email protected]> wrote:
> Hi all,
>
> One of my ossec agents is a FreeBSD 8.3 server (release 2.7, same as
> the ossec server). This FreeBSD server is a syslog central server and
> I use ossec to monitor all syslog files received by several windows
> and unix hosts. In the OSSEC server side, I have set up some alerts to
> check that there are no hits to or from blacklists IP's (RBN,
> zeustracker, etc.) from or to these servers monitored by this FreeBSD
> syslog server. But no alerts are triggered because this FreeBSD server
> doesn't forward logs to central OSSEC server.
>
> In agent.conf I have defined a specific configuration for this FreeBSD
> server:
>
> <agent_config name="fbsdsyslog.domain.com">
>   <localfile>
>     <log_format>syslog</log_format>
>     <location>/data/logs/ossec/chkp.log</location>
>   </localfile>
>
>   <localfile>
>     <log_format>syslog</log_format>
>     <location>/data/logs/ossec/junos.log</location>
>   </localfile>
>
>   <localfile>
>     <log_format>syslog</log_format>
>     <location>/data/logs/ossec/junsa.log</location>
>   </localfile>
>   ..........
> </agent_config>
>
> The only log file forwarded to central OSSEC server is chkp.log but
> not the other until newsyslog process rotates these log files. After
> few seconds, no more logs are forwarded to central OSSEC server except
> chkp.log.
>
> Where can be the problem?

Please, any ideas? Is it a bug with the 2.7 release?
