If I am going through with basic setup of OSSEC, I have created a few rules and they are working great.
Please correct me if I am wrong, I just need to clear up my concept of the product.

What I found out is that there are no rules files on agent systems, which means rules are not running on agents; rather, agents are sending logs to the manager and then the manager system decides what to do.

What I want to know is: do agents send all the logs in the files that I defined in the <localfiles> tag, or just the specific logs which are defined in the Manager/Server system rules?

If the agent sends all the logs rather than specific entries, in which file are the logs being stored on the Master/Server node? etc/alert.log are just OSSEC alerts; they are not the logs received from agent systems.

Can you guys please clear up this confusion?

Thanks,
MYK
