On Thu, May 12, 2016 at 7:16 AM, Yurii Shatylo <[email protected]> wrote:
> Dears,
>
> Can anyone give a hand? Is it possible to divide alerts output writes into
> different files from any sources? For example, 3 agents which are installed on
> WIN servers produce alert output to the one file
> /var/ossec/logs/alerts/alerts.log but I need every event source to
> produce alert output into its own file. How to do it?
> Thank you in advance.
> Yurii
>
There is nothing in OSSEC that allows you to do this. What you could do is write a daemon to connect to a zeromq socket provided by analysisd, receive the alerts in json format, and output the way you want.

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
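A sketch of the daemon suggested in the reply above, as an added example that is not code from the thread or from the OSSEC project. Assumptions: analysisd publishes on a ZeroMQ PUB socket at the URI shown, each message is a JSON object optionally preceded by a topic string, the source is taken from a `location` field of the form `(agent) ip->log` or else a `hostname` field, and pyzmq is installed; the output directory and all function names are hypothetical.

```python
import json
import os
import re

ZMQ_URI = "tcp://localhost:11111"               # assumed; match your ossec.conf
ALERT_DIR = "/var/ossec/logs/alerts/by-source"  # hypothetical output directory
_UNSAFE = re.compile(r"[^A-Za-z0-9_.-]")

def parse_message(raw):
    """Return the alert as a dict, or None if the message is not valid JSON."""
    start = raw.find(b"{")          # skip an optional topic prefix
    if start < 0:
        return None
    try:
        alert = json.loads(raw[start:].decode("utf-8", "replace"))
    except ValueError:
        return None
    return alert if isinstance(alert, dict) else None

def source_of(alert):
    """Derive a filesystem-safe source name (field names are assumptions)."""
    match = re.match(r"\(([^)]+)\)", str(alert.get("location", "")))
    name = match.group(1) if match else str(alert.get("hostname") or "unknown")
    # The name comes from alert data, so never let it form a path:
    # drop separators and leading dots, and bound its length.
    name = _UNSAFE.sub("_", name).strip(".")[:64]
    return name or "unknown"

def write_alert(alert, base_dir=ALERT_DIR):
    """Append the alert as one JSON line to <base_dir>/<source>.log."""
    os.makedirs(base_dir, exist_ok=True)
    path = os.path.join(base_dir, source_of(alert) + ".log")
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(alert, sort_keys=True) + "\n")
    return path

def run(uri=ZMQ_URI, base_dir=ALERT_DIR):
    """Subscribe to every message on the socket and route each alert."""
    import zmq  # pyzmq; imported here so the helpers work without it
    sock = zmq.Context.instance().socket(zmq.SUB)
    sock.setsockopt(zmq.SUBSCRIBE, b"")
    sock.connect(uri)
    while True:
        alert = parse_message(b" ".join(sock.recv_multipart()))
        if alert is not None:
            write_alert(alert, base_dir)

if __name__ == "__main__":
    run()
```

Run it under an account that can write only to the output directory; the existing alerts.log is still written by OSSEC as before.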
