I've got an rsyslog file that I'm creating on the same Debian 7 system as my new OSSEC install.

I've set up the following in ossec.conf:

    <localfile>
      <log_format>syslog</log_format>
      <location>/var/syslog/hosts/SA520-K1/firewall.log</location>
    </localfile>

but I don't see any indication in the WUI that the log is being read. Could this be because there are no alerts being triggered? OSSEC has been running for 2 days now & I'd expect to see something on the firewall?

Is there any way to tell that a syslog file is being read & parsed correctly? What other things could be affecting the ability to read the file (I checked perms & they are 644)?
