Thanks for quick reply.
As I understand agent collect logs with ossec-logcollector and send all off 
them server.Server is analyzing all logs with ossec-analysisd daemon and 
match them according to decoders and rules.Also if I open logall option in 
server it saves all logs under /var/ossec/logs/archives directory.

On Monday, 17 July 2017 09:53:37 UTC+3, Kazim Koybasi wrote:
> Is archives.log under /var/ossec/logs/ contains all logs produced at agent 
> host server?I am trying to understand that how OSSEC manager and agent 
> topology works. Agent does not contains rules.
> Is it mean that agent send all logs to manager and it process log files 
> according to decoder and rule files? Is it logs only processed logs as 
> archives.log? Thanks for reading.


You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
For more options, visit

Reply via email to