On Sep 18, 2013 8:39 AM, "Vasya Gorbachev" <[email protected]> wrote: > > I'm trying to collect kaspersky log from windows clients, > kasper writes log to Event Log, so i add > > <localfile> > <log_format>eventlog</log_format> > <location>Kaspersky Event Log</location> > </localfile> > > to ossec.conf, after restart I see > is server log: ossec-config(1907): INFO: Non-standard event log set: 'Kaspersky Event Log'. > in agent log: ossec-agent(1951): INFO: Analyzing event log: 'Kaspersky Event Log'. > > but i don't see anything according to kaspersky in select * from data; >
Turn on the log all option on the server and restart ossec. Do the kaspersky logs you're expecting end up in /var/ossec/logs/archives/archives.log? > > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
