On Wed, Apr 1, 2015 at 9:13 AM, <[email protected]> wrote: > Oke, this is what I found in the ossec.log > > ERROR: Unable to open file '/etc/openvpn/log/openvpn.log' > > INFO: File not available, ignoring it: '/etc/openvpn/log/openvpn.log' > > just to double check, I did an ls on the file and it does exist > the openvpn.log doesn't reside on the ossec server but on a client, maybe > the ossec server was checking local > or should I put this rule on client config file? >
As I've said a number of times now, the localfile configuration must be in the ossec.conf of the system that hosts the log file (or in agents.conf, but that's a bit advanced at this point). If the log file exists on a different system, how do you expect ossec-logcollector to read it? >> >> >> No, it should send all log messages the agent receives. Double check >> the archives.log file for the log messages, and check the ossec.log on >> the agent for errors concerning openvpn.log. >> >> > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
