Hi, add ossec.log to your ossec.conf using <localfile>. Then, you need to create decoders and rules for that events.
Regards, Jesus Linares. On Tuesday, March 15, 2016 at 1:20:33 PM UTC+1, Matthias Fraidl wrote: > > Hi list, > > > > is there a way, (or does anyone have implemented it already) to let ossec > have a look at it's own logfile (ossec.log) and to write/activate a rule to > get alerted if a ERROR like "Incorrectly formated message from x.x.x.x" > occurs? > > > > Best regards, > > Matthias > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
