Alerts should already contain the log file of the message(s) that generated the alert.
On Wed, Nov 20, 2013 at 11:04 AM, Gerard Petersen <[email protected]> wrote:
> Hi All,
>
> I’m trying to find a generic way to see what (log)locations trigger certain
> rules. I’m monitoring a multitude of apache logs on a multitude of servers
> and Active Responses work like a charm.
>
> I would like to know the origin of the AR triggers. For instance, Firewall
> lockdowns due to brute force login attempts. Basically I would like to know
> what websites pull the most ‘dirt’. The easiest way would be to show the
> logfile location in an alert. But I don’t know if that’s easily doable.
>
> Thanx a lot for your input!
>
> Kind regards,
>
> Gerard.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
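To illustrate the reply above, here is an added example that is not part of the original thread and is not OSSEC's own code: it tallies alerts per originating log file, which answers the "which websites pull the most dirt" question. It assumes the plain-text alerts.log layout in which the line after the `** Alert` header reads `<timestamp> <source>-><log file>`; the sample alerts, host names, paths and the `count_by_location` helper are constructed for the illustration.

```python
import re
from collections import Counter

# Constructed sample alerts (assumed layout: header, location line, rule line).
SAMPLE = """\
** Alert 1384941840.1001: - web,accesslog,attack,
2013 Nov 20 11:04:00 (web01) 192.0.2.10->/var/log/apache2/shop-access.log
Rule: 31151 (level 10) -> 'Multiple web server 400 error codes from same source ip.'
Src IP: 198.51.100.7

** Alert 1384941902.1544: - web,accesslog,
2013 Nov 20 11:05:02 (web01) 192.0.2.10->/var/log/apache2/shop-access.log
Rule: 31101 (level 5) -> 'Web server 400 error code.'

** Alert 1384941960.2010: - web,accesslog,attack,
2013 Nov 20 11:06:00 (web01) 192.0.2.10->/var/log/apache2/blog-access.log
Rule: 31151 (level 10) -> 'Multiple web server 400 error codes from same source ip.'

** Alert 1384942020.2533: - syslog,sshd,authentication_failed,
2013 Nov 20 11:07:00 (web02) 192.0.2.11->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
"""

HEADER = re.compile(r"^\*\* Alert \d+\.\d+:")
LOCATION = re.compile(
    r"^\d{4} \w{3} \d{1,2} \d{2}:\d{2}:\d{2} (?P<source>.+?)->(?P<logfile>.+)$")
RULE = re.compile(r"^Rule: (?P<id>\d+) \(level (?P<level>\d+)\)")

def count_by_location(text, min_level=0):
    """Count alerts per (source, log file), keeping rule levels >= min_level."""
    counts = Counter()
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if not HEADER.match(line):
            continue
        loc = LOCATION.match(lines[i + 1]) if i + 1 < len(lines) else None
        rule = RULE.match(lines[i + 2]) if i + 2 < len(lines) else None
        if not loc or not rule:
            continue  # truncated or unexpected alert: skip rather than guess
        if int(rule["level"]) >= min_level:
            counts[(loc["source"], loc["logfile"])] += 1
    return counts

if __name__ == "__main__":
    for (source, logfile), n in count_by_location(SAMPLE).most_common():
        print(f"{n:3d}  {source}  {logfile}")
```

With one Apache access log per virtual host, the log file path in each alert identifies the website that triggered it.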
