On Wed, Mar 19, 2014 at 7:25 AM, Stephy <[email protected]> wrote: > Hi All, > > just wondering whether there would be a way to have separate alert.log files > generated by source IP (or even by agent name)? For instance, all inputs > from 192.168.1.0/24 go in alert1.log, all inputs from 192.168.2.0/24 go > alert2.log, etc.. > > Not sure whether the topic has already been covered in the past (at least, > under this perspective), but that would definitely be a great to have. >
Not possible without source code changes. What is the benefit to this? I can't think of a single reason I'd ever want this to happen to my logs. > Thanks in advance for any input on this! > S. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
