Hello, I have a question. Is it possible to send OSSEC group(s) when I use syslog_output?
For example, in the file alert.log I have this log:

** Alert 1462920563.18241: - syslog,access_control,authentication_failed,
2016 May 10 15:49:23 localhost->/var/log/secure
Rule: 2501 (level 5) -> 'User authentication failure.'
May 10 15:49:23 localhost pam: gdm-password: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=user

I want to have information about groups in Kibana, for searches: "syslog,access_control,authentication_failed". Is it possible?

Thanks!
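
Added example, not part of the original post and not OSSEC's own code: a Python parser for the alert.log entry quoted above that pulls the group list out as its own field so it can be indexed and searched. It assumes the entry layout shown in the post (header, timestamp and location, Rule line, then the raw log); the function names and output field names are hypothetical.

```python
import json
import re

# Constructed sample: the alert quoted in the post, one field group per line.
SAMPLE = (
    "** Alert 1462920563.18241: - syslog,access_control,authentication_failed,\n"
    "2016 May 10 15:49:23 localhost->/var/log/secure\n"
    "Rule: 2501 (level 5) -> 'User authentication failure.'\n"
    "May 10 15:49:23 localhost pam: gdm-password: pam_unix(gdm-password:auth): "
    "authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=user\n"
)

HEADER = re.compile(r"^\*\* Alert (\d+)\.(\d+):[^-]*- (.*)$")
RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")


def parse_alert(entry):
    """Turn one alert.log entry into a dict with the groups as a list."""
    lines = [ln for ln in entry.splitlines() if ln.strip()]
    if len(lines) < 3:
        raise ValueError("truncated alert entry")
    header, rule = HEADER.match(lines[0]), RULE.match(lines[2])
    if not header or not rule:
        raise ValueError("not an alert entry in the expected layout")
    # The group list ends with a trailing comma, so drop empty items.
    groups = [g.strip() for g in header.group(3).split(",") if g.strip()]
    _, _, location = lines[1].partition("->")
    # Field names are illustrative, not an OSSEC or Kibana schema.
    return {
        "epoch": int(header.group(1)),
        "groups": groups,
        "location": location,
        "rule_id": int(rule.group(1)),
        "level": int(rule.group(2)),
        "description": rule.group(3),
        "full_log": "\n".join(lines[3:]),
    }


def parse_file(text):
    """Split alert.log content on the '** Alert' marker and parse each entry."""
    entries = re.split(r"(?m)^(?=\*\* Alert )", text)
    return [parse_alert(e) for e in entries if e.strip()]


if __name__ == "__main__":
    for doc in parse_file(SAMPLE):
        print(json.dumps(doc))  # one JSON document per alert
```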
