Thanks for quick reply.
As I understand agent collect logs with ossec-logcollector and send all off
them server.Server is analyzing all logs with ossec-analysisd daemon and
match them according to decoders and rules.Also if I open logall option in
server it saves all logs under /var/ossec/logs/archives directory.
On Monday, 17 July 2017 09:53:37 UTC+3, Kazim Koybasi wrote:
> Is archives.log under /var/ossec/logs/ contains all logs produced at agent
> host server?I am trying to understand that how OSSEC manager and agent
> topology works. Agent does not contains rules.
> Is it mean that agent send all logs to manager and it process log files
> according to decoder and rule files? Is it logs only processed logs as
> archives.log? Thanks for reading.
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
For more options, visit https://groups.google.com/d/optout.