Hi, if I understood the question correctly I think you just need to configure a new "localfile" section in your ossec.conf file. Regarding formats, here are the options:
On Thu, Jan 14, 2016 at 9:00 AM, Joao T. <[email protected]> wrote: > So in that case i dont need to use syslog to read the logs? > what do i need to configure in OSSEC to read this file with logs? these > logs can be in any format? > > On Monday, January 4, 2016 at 2:50:12 PM UTC+1, dan (ddpbsd) wrote: > >> On Mon, Jan 4, 2016 at 8:46 AM, Joao T. <[email protected]> wrote: >> > Can I feed ossec server with log files or just is possible to feed the >> > agents? >> > >> >> If those logfiles exist on the server, the OSSEC processes there >> should be able to read them. >> >> > On Thursday, December 31, 2015 at 11:56:10 AM UTC+1, Alberto Mijares >> wrote: >> >> >> >> You can use syslog. Tell syslogd to write a specific file and ossec >> >> agent to read that file. >> >> >> >> Read about syslog format and protocol, and the man page of the syslog >> >> server in your OS. >> >> >> >> Regards >> >> >> >> >> >> Alberto Mijares >> >> >> >> >> >> >> >> On Thu, Dec 31, 2015 at 5:34 AM, Joao T. <[email protected]> wrote: >> >> > Hello, >> >> > >> >> > I would like to know if it is possible to send to Ossec server some >> logs >> >> > created by my own script running in the same hostname than Ossec >> server >> >> > ? >> >> > To which port should I communicate and what about the message? can >> be >> >> > plain >> >> > text? >> >> > >> >> > Thank you and happy new year >> >> > Joao >> >> > >> >> > >> >> > -- >> >> > >> >> > --- >> >> > You received this message because you are subscribed to the Google >> >> > Groups >> >> > "ossec-list" group. >> >> > To unsubscribe from this group and stop receiving emails from it, >> send >> >> > an >> >> > email to [email protected]. >> >> > For more options, visit https://groups.google.com/d/optout. >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. >> > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
