Thanks for the quick reply. As I understand it, the agent collects logs with ossec-logcollector and sends all of them to the server. The server analyzes all logs with the ossec-analysisd daemon and matches them against decoders and rules. Also, if I enable the logall option on the server, it saves all logs under the /var/ossec/logs/archives directory.

On Monday, 17 July 2017 09:53:37 UTC+3, Kazim Koybasi wrote:
>
> Does archives.log under /var/ossec/logs/ contain all logs produced at the agent
> host server? I am trying to understand how the OSSEC manager and agent
> topology works. The agent does not contain rules.
> Does that mean that the agent sends all logs to the manager and it processes log files
> according to decoder and rule files? Does it log only processed logs as
> archives.log? Thanks for reading.
>