Thank you for your prompt response. 1. How can I turn on logall feature on ossec client?
2. it mean that OSSEC client can collect all system logs from /var/log/ forward them to a OSSEC server and store them in /var/ossec/logs/archive/archives.log ? Thx in advance V On Fri, Nov 9, 2018 at 3:41 PM dan (ddp) <[email protected]> wrote: > On Fri, Nov 9, 2018 at 10:39 AM <[email protected]> wrote: > > > > Hi, > > > > I am new to the OSSEC. I am confused about forwarding logs. > > > > > > Does OSSEC client collects logs from /var/log/messages and forwards > them to the ossec server /var/log/messages? Or should be log forwarding > configured in rsyslog on Red Hat to forward all logs to rsyslog server? > > > > OSSEC does not write to /var/log/messages. It can store all logs it > receives in /var/ossec/logs/archive/archives.log, if you turn on the > logall feature. > But if you want a syslog backup of log messages, you'll have to > configure your syslogd to do it for you. > > > Thx in advance > > > > Regards > > > > > > V > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
