I'm trying to ingest the ossec logs into ELK. But the logs seem a bit
irregular in that the log level is in a different position for different
messages, e.g.:
2016/07/06 18:01:48 ossec-syscheckd: INFO: Starting syscheck scan.
2016/07/06 18:09:35 ossec-syscheckd: INFO: Ending syscheck scan.
2016/07/06 18:54:35 rootcheck: INFO: Starting rootcheck scan.
2016/07/06 18:54:37 ERROR: statfs('/var/htdocs') produced error: No such
file or directory
2016/07/06 18:54:37 ERROR: statfs('/home/httpd') produced error: No such
file or directory
Is this on purpose? Could this be changed so the logs are more suitable for
automation?
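An added example, not part of the original post and not OSSEC's own code: a small Python normalizer that accepts both line shapes quoted above by treating the program name as optional, and folds wrapped lines back into the event they belong to. The regex, the function name `parse_ossec_log` and the list of level names beyond INFO and ERROR are assumptions inferred from the sample lines only.

```python
import re
from datetime import datetime

# Assumption: INFO and ERROR appear in the post; the other names are guesses.
LEVELS = ("DEBUG", "INFO", "WARN", "WARNING", "ERROR", "CRITICAL")
_LVL = "|".join(LEVELS)

# Shape inferred from the sample lines in the post:
#   <YYYY/MM/DD HH:MM:SS> [<program>: ]<LEVEL>: <message>
# The lookahead stops a level name from being captured as the program.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    rf"(?:(?!(?:{_LVL}): )(?P<program>[\w.-]+): )?"
    rf"(?P<level>{_LVL}): "
    r"(?P<message>.*)$"
)


def parse_ossec_log(lines):
    """Return one dict per event with ts, program (or None), level, message.

    Lines that do not match the header shape are folded into the previous
    event, which covers wrapped or multi-line messages.
    """
    events = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ts = datetime.strptime(ev["ts"], "%Y/%m/%d %H:%M:%S")
            ev["ts"] = ts.isoformat()
            events.append(ev)
        elif events and line.strip():
            events[-1]["message"] += " " + line.strip()
    return events


# Sample input: lines from the post, one of them wrapped as in the e-mail.
SAMPLE = """\
2016/07/06 18:01:48 ossec-syscheckd: INFO: Starting syscheck scan.
2016/07/06 18:54:35 rootcheck: INFO: Starting rootcheck scan.
2016/07/06 18:54:37 ERROR: statfs('/var/htdocs') produced error: No such
file or directory
""".splitlines()

if __name__ == "__main__":
    for event in parse_ossec_log(SAMPLE):
        print(event)
```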