Sorry, sent my email unfinished. The documentation for localfile options can be found here:
http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.localfile.html Hope that helps On Thu, Jan 14, 2016 at 10:05 AM, Santiago Bassett < [email protected]> wrote: > Hi, > > if I understood the question correctly I think you just need to configure > a new "localfile" section in your ossec.conf file. Regarding formats, here > are the options: > > > On Thu, Jan 14, 2016 at 9:00 AM, Joao T. <[email protected]> wrote: > >> So in that case i dont need to use syslog to read the logs? >> what do i need to configure in OSSEC to read this file with logs? these >> logs can be in any format? >> >> On Monday, January 4, 2016 at 2:50:12 PM UTC+1, dan (ddpbsd) wrote: >> >>> On Mon, Jan 4, 2016 at 8:46 AM, Joao T. <[email protected]> wrote: >>> > Can I feed ossec server with log files or just is possible to feed the >>> > agents? >>> > >>> >>> If those logfiles exist on the server, the OSSEC processes there >>> should be able to read them. >>> >>> > On Thursday, December 31, 2015 at 11:56:10 AM UTC+1, Alberto Mijares >>> wrote: >>> >> >>> >> You can use syslog. Tell syslogd to write a specific file and ossec >>> >> agent to read that file. >>> >> >>> >> Read about syslog format and protocol, and the man page of the syslog >>> >> server in your OS. >>> >> >>> >> Regards >>> >> >>> >> >>> >> Alberto Mijares >>> >> >>> >> >>> >> >>> >> On Thu, Dec 31, 2015 at 5:34 AM, Joao T. <[email protected]> wrote: >>> >> > Hello, >>> >> > >>> >> > I would like to know if it is possible to send to Ossec server some >>> logs >>> >> > created by my own script running in the same hostname than Ossec >>> server >>> >> > ? >>> >> > To which port should I communicate and what about the message? can >>> be >>> >> > plain >>> >> > text? >>> >> > >>> >> > Thank you and happy new year >>> >> > Joao >>> >> > >>> >> > >>> >> > -- >>> >> > >>> >> > --- >>> >> > You received this message because you are subscribed to the Google >>> >> > Groups >>> >> > "ossec-list" group. >>> >> > To unsubscribe from this group and stop receiving emails from it, >>> send >>> >> > an >>> >> > email to [email protected]. >>> >> > For more options, visit https://groups.google.com/d/optout. >>> > >>> > -- >>> > >>> > --- >>> > You received this message because you are subscribed to the Google >>> Groups >>> > "ossec-list" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> an >>> > email to [email protected]. >>> > For more options, visit https://groups.google.com/d/optout. >>> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
