On Thu, Jul 7, 2016 at 3:00 AM, Barry Kaplan <[email protected]> wrote:
> I'm trying to ingest the ossec logs into ELK. But the logs seem a bit
> irregular in that the log level is in a different position for different
> messages, e.g.:
>
> 2016/07/06 18:01:48 ossec-syscheckd: INFO: Starting syscheck scan.
> 2016/07/06 18:09:35 ossec-syscheckd: INFO: Ending syscheck scan.
> 2016/07/06 18:54:35 rootcheck: INFO: Starting rootcheck scan.
> 2016/07/06 18:54:37 ERROR: statfs('/var/htdocs') produced error: No such file or directory
> 2016/07/06 18:54:37 ERROR: statfs('/home/httpd') produced error: No such file or directory
>
> Is this on purpose? Could this be changed so the logs are more suitable for
> automation?
It's probably not intentional, just one of those things that happens over time. Feel free to submit a pull request (at https://github.com/ossec/ossec-hids). It seems like a decent idea.
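Until the log format itself is made regular, the ingest side has to cope with the optional component field. The parser below is an added example for this thread, not code from ossec-hids or from either poster: it uses a single regular expression in which the `component:` token is optional and the level is restricted to a fixed vocabulary, so the same rule handles both line shapes quoted above. The level list (`DEBUG`, `INFO`, `WARN`, `ERROR`, `CRITICAL`) and the ECS-style output keys are assumptions; the first five sample lines are the ones from the thread, the last two are constructed.

```python
"""Parse ossec.log lines whose component field is optional.

Added example for the ossec-list thread above; not code from the
ossec-hids project.  Handles both shapes seen in the thread:

    <ts> <component>: <LEVEL>: <message>
    <ts> <LEVEL>: <message>
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Assumed level vocabulary; anchoring the level to a fixed set stops the
# optional component group from swallowing a bare "ERROR:" prefix.
LEVELS = ("DEBUG", "INFO", "WARN", "ERROR", "CRITICAL")

_LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:(?P<component>[^:\s]+): )?"      # optional "ossec-syscheckd: "
    r"(?P<level>" + "|".join(LEVELS) + r"): "
    r"(?P<message>.*)$"
)


@dataclass(frozen=True)
class OssecEvent:
    timestamp: datetime
    component: Optional[str]   # None when the line carries no component
    level: str
    message: str


def parse_line(line: str) -> Optional[OssecEvent]:
    """Return an OssecEvent, or None if the line matches neither shape."""
    m = _LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    return OssecEvent(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        component=m["component"],
        level=m["level"],
        message=m["message"],
    )


def parse_lines(lines: List[str]) -> Tuple[List[OssecEvent], List[str]]:
    """Split input into parsed events and lines that need a new rule.

    Keeping the unparsed lines visible matters in a SIEM pipeline: a
    silently dropped line is a blind spot, not a clean parse.
    """
    events: List[OssecEvent] = []
    unparsed: List[str] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed.append(line)
        else:
            events.append(ev)
    return events, unparsed


def to_document(ev: OssecEvent) -> dict:
    """Flatten an event into a dict with ECS-style keys (assumed naming)."""
    return {
        "@timestamp": ev.timestamp.isoformat(),
        "log.level": ev.level.lower(),
        "event.module": "ossec",
        "event.dataset": ev.component or "ossec",
        "message": ev.message,
    }


# Five lines quoted in the thread, then two constructed ones: a message
# that itself contains a colon, and a line with no level at all.
SAMPLE_LOG = [
    "2016/07/06 18:01:48 ossec-syscheckd: INFO: Starting syscheck scan.",
    "2016/07/06 18:09:35 ossec-syscheckd: INFO: Ending syscheck scan.",
    "2016/07/06 18:54:35 rootcheck: INFO: Starting rootcheck scan.",
    "2016/07/06 18:54:37 ERROR: statfs('/var/htdocs') produced error: No such file or directory",
    "2016/07/06 18:54:37 ERROR: statfs('/home/httpd') produced error: No such file or directory",
    "2016/07/06 19:00:00 ossec-analysisd: DEBUG: Rule 1002: matched",   # constructed
    "2016/07/06 19:00:01 ossec-analysisd: no level on this line",       # constructed
]

if __name__ == "__main__":
    evs, bad = parse_lines(SAMPLE_LOG)
    for ev in evs:
        print(to_document(ev))
    for line in bad:
        print("UNPARSED:", line)
```

Run as a script it prints one document per parsed line and flags the line without a level, so a gap in the grammar shows up as an `UNPARSED` record rather than vanishing from the index.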
