On Fri, Dec 6, 2013 at 12:29 AM, Michael Dongworth <[email protected]> wrote:
> I was thinking perhaps there’s a way I could get round this using Profiles
> somehow, but haven’t had much luck getting the config I am attempting to
> run.
>

Profiles? What?

>
> Any suggestions as to how I could achieve this?
>

There's no real way to do this. You could write your own custom syslog client I guess. Or maybe pass the syslog alerts to a local syslog-ng or rsyslog. You might be able to do that filtering there. You could also pass the log file you don't want to pass to syslog to a separate OSSEC installation I guess.

>
> Michael
>
> From: Michael Dongworth
> Sent: Wednesday, 4 December 2013 4:02 PM
> To: [email protected]
> Subject: Alerting Question
>
> Hey there,
>
> Just wondering, is it possible to disable Syslog output for just 1 log file
> being passed to the Manager, but leave email alerting intact for that same
> log file?
>
> I have an agent on my Snort server, and would like to use the email alerting
> of Ossec to alert on the Snort plaintext log. I don’t however want these
> Snort messages going over the Ossec syslog at all, but do require all other
> Ossec messages to be sent to the remote Syslog server I have setup.
>
> All examples/documentation for the Syslog config seem to suggest I can
> forward based on alert level, or server, but is there a way to exclude one
> logfile only for Syslog without excluding it from email alerting also?
>
> Cheers,
>
> Michael
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
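Added example, not part of the original thread and not OSSEC code: a minimal local relay of the kind the reply suggests, which receives the manager's syslog output on localhost and forwards everything except alerts from one log file. It assumes OSSEC's default syslog text format carrying a `Location: ...;` field and that `syslog_output` is pointed at the relay; the Snort log path, addresses, ports and sample lines are hypothetical.

```python
import re
import socket

# Assumed OSSEC default syslog_output text: "...; Location: (agent) ip->/path; ..."
LOCATION_RE = re.compile(r"Location: (?P<loc>[^;]*);")

# Hypothetical values: log file to keep out of syslog, relay and collector addresses.
EXCLUDED_LOGS = {"/var/log/snort/alert"}
LISTEN_ADDR = ("127.0.0.1", 5514)
COLLECTOR_ADDR = ("192.0.2.10", 514)


def alert_source(line):
    """Return the log file an alert came from, or None if it cannot be determined."""
    m = LOCATION_RE.search(line)
    if not m:
        return None
    loc = m.group("loc").strip()
    # Agent alerts look like "(name) ip->/path"; manager-local ones are just "/path".
    return loc.rsplit("->", 1)[-1]


def should_forward(line, excluded=EXCLUDED_LOGS):
    """Drop only alerts positively identified as coming from an excluded log file."""
    return alert_source(line) not in excluded


def relay(listen=LISTEN_ADDR, collector=COLLECTOR_ADDR):
    """Receive OSSEC syslog datagrams locally and pass on everything not excluded."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        data, _ = rx.recvfrom(65535)
        if should_forward(data.decode("utf-8", errors="replace")):
            tx.sendto(data, collector)


# Constructed sample alerts (not real output) for a quick check.
SAMPLES = [
    "<132>Dec  6 00:29:01 mgr ossec: Alert Level: 8; Rule: 20101 - IDS event.; "
    "Location: (snort01) 10.0.0.5->/var/log/snort/alert; [**] [1:1000001:1] test [**]",
    "<132>Dec  6 00:29:02 mgr ossec: Alert Level: 5; Rule: 5716 - SSHD authentication failed.; "
    "Location: (web01) 10.0.0.7->/var/log/secure; sshd[123]: Failed password",
    "<132>Dec  6 00:29:03 mgr ossec: malformed line without a location field",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print("forward" if should_forward(s) else "drop", "|", s[:70])
```

Lines without a recognizable `Location` field are forwarded rather than dropped, so a format change cannot silently suppress alerts at the remote syslog server; email alerting is untouched because it is generated by the manager independently of this relay.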
