Update: I'm almost done with the mods but I have a question for anyone that has used ossec2mysql.pl in daemon mode before:
Does it work? Executing:

    <path to ossec2mysql.pl> --conf <path to conf> -d   OR   --daemon

simply starts ossec2mysql.pl, logs a single event at /var/log/ossec2mysql.log and that's it. "ps auwx | grep ossec2mysql" shows it is not running; "lsof | grep alerts" confirms only ossec has the file open.

I've been looking at the code and can't figure out how the current code would actually tail /var/ossec/log/alerts/alerts/<year>/<month>/ossec-alerts-<day>.log continuously.

I finally gave up and modded the following line (EDIT: line 446):

    line 446 (before): open STDIN, '/dev/null' or die "Can't read /dev/null: $!";
    line 446 (after):  open STDIN, "-|", "/usr/bin/tail", "-f", "/var/ossec/logs/alerts/2013/Feb/ossec-alerts-04.log" or die "could not start tail on $LOG: $!";

This seems to have done the trick and the script is on a constant tail. Once I finish this last issue I will run the new script on our prod environment to see how it performs.
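The tail-pipe workaround above hard-codes one day's file, so the daemon goes quiet at midnight when OSSEC starts writing ossec-alerts-<next day>.log. The following is an added example, not code from ossec2mysql.pl or the OSSEC project: it follows the alerts log in pure Perl (no external tail), computes the current file name from the date, and switches to the new file when the day rolls over. The base directory /var/ossec/logs/alerts, the English month abbreviations (%b) and the handle_alert stub are assumptions.

```perl
#!/usr/bin/perl
# Added example: follow the OSSEC alerts log continuously, moving to the
# next day's file automatically. Not part of ossec2mysql.pl.
use strict;
use warnings;
use POSIX qw(strftime);

# Assumed OSSEC layout: <base>/<YYYY>/<Mon>/ossec-alerts-<DD>.log
my $ALERTS_BASE = '/var/ossec/logs/alerts';

# Build the alerts path for a given localtime() list, e.g.
# /var/ossec/logs/alerts/2013/Feb/ossec-alerts-04.log
# (%b assumes an English locale, which is what OSSEC uses for the directory.)
sub alerts_path_for {
    my ($base, @lt) = @_;
    return sprintf('%s/%s/ossec-alerts-%s.log',
        $base, strftime('%Y/%b', @lt), strftime('%d', @lt));
}

# Open a log file read-only; optionally start at EOF like "tail -f" does.
sub open_alerts {
    my ($path, $seek_end) = @_;
    open(my $fh, '<', $path) or return undef;
    seek($fh, 0, 2) if $seek_end;
    return $fh;
}

# Placeholder for whatever the real script does with an alert line
# (parse and insert into MySQL); here it just prints.
sub handle_alert {
    my ($line) = @_;
    print "ALERT: $line";
}

# Drain every line currently available on the handle.
sub drain {
    my ($fh) = @_;
    while (my $line = <$fh>) {
        handle_alert($line);
    }
    # A no-op seek clears the EOF flag so later reads return new data.
    seek($fh, 0, 1);
}

my $path = alerts_path_for($ALERTS_BASE, localtime);
my $fh   = open_alerts($path, 1) or die "cannot open $path: $!";

while (1) {
    drain($fh);

    # Day rolled over? OSSEC creates the new file on the first alert of
    # the day, so keep reading the old one until the new one exists.
    my $today = alerts_path_for($ALERTS_BASE, localtime);
    if ($today ne $path) {
        if (my $new = open_alerts($today, 0)) {
            drain($fh);          # pick up anything written just before the switch
            close $fh;
            $fh   = $new;
            $path = $today;
            next;
        }
    }
    sleep 1;
}
```

Run it as the same user that owns the alerts directory (ossec's group on most installs) so it needs no extra privileges; in daemon mode this loop replaces the tail pipe on STDIN, leaving STDIN on /dev/null as the original line 446 intended.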
