How did you securely configure to get around the fact OSSEC permissions don't allow access to that file?
I believe the reason this isn't working for me is because the file is not accessible (logstash shows no errors running, aggravating). I temporarily modified logstash to allow login and tried this:

]# su - logstash
-bash-4.1$ pwd
/opt/logstash
-bash-4.1$ stat /var/ossec/logs/alerts/alerts.log
stat: cannot stat `/var/ossec/logs/alerts/alerts.log': Permission denied

On Saturday, March 8, 2014 5:02:35 PM UTC-5, Joshua Garnett wrote:
>
> To address this issue I've put together a logstash config that will read
> the alerts from /var/ossec/logs/alerts/alerts.log. On top of solving the
> reliability issue, it also fixes issues with multi-lines being lost, and
> adds geoip lookups for the src_ip. I tested it against approximately 1GB
> of alerts (3M events).
>
