what use is this solution then? wasn't the point of OSSEC to have a centralized management.... in my case we don't have so much servers running, but for enterprise environment this is not suitable anyway, what you just said, I already figured it out and yes I am getting now alerts from the openvpnlog for example:
Wed Apr 1 15:36:35 2015 us=196958 read UDPv4 [ECONNREFUSED]: Connection refused (code=111) I don't get messages like who is logged on or logged off or as in the case above: which connection is refused spend again much time on this and again at the end no results sorry but OSSEC is definitely not ready for deployment , OSSEC misses so much and even easy things are so complicated but I guess that's a common issue with open source , opensource is not for business environment, maybe for hobbies t at home hope you now understand what I mean and its not whining > As I've said a number of times now, the localfile configuration must > be in the ossec.conf of the system that hosts the log file > (or in agents.conf, but that's a bit advanced at this point). If the > log file exists on a different system, how do you expect > ossec-logcollector to read it? > > >> > >> > >> No, it should send all log messages the agent receives. Double check > >> the archives.log file for the log messages, and check the ossec.log on > >> the agent for errors concerning openvpn.log. > >> > >> > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
