On Fri, Sep 27, 2013 at 2:44 PM, Jay B <[email protected]> wrote:
> I've got an rsyslog file that I'm creating on the same Debian 7 system as my
> new OSSEC install
>
> I've set up the following in ossec.conf
>
> <localfile>
> <log_format>syslog</log_format>
> <location>/var/syslog/hosts/SA520-K1/firewall.log</location>
> </localfile>
>
> but I don't see any indication in the WUI that the log is being read.
>
> Could this be because there are no alerts being triggered? OSSEC has been
> running for 2 days now & I'd expect to see something on the firewall?
>
> Is there any way to tell that a syslog file is being read & parsed correctly?
>

grep firewall.log /var/ossec/logs/ossec.log

I'm not sure if the expected log message is only available in debug mode.

> What other things could be affecting the ability to read the file (I checked
> perms & they are 644)

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
