You could have ossec monitor ossec.log like it does with active- responses.log. You'd just have to write rules for it, or barring that turn on archives.log
-Scott On Mon, 2019-03-25 at 08:02 -0400, dan (ddp) wrote: > On Fri, Mar 22, 2019 at 12:01 PM YoYo <[email protected]> wrote: > > Hi All, > > > > We are planning to deploy the HIDS agent in large network (say 10k > > servers). > > > > I need to track the agent installation, key registration & startup > > failure. > > > > Is there any way to send AGENT's logs/ossec.log to some external > > syslog server or to the server configured syslog.conf? > > > > Is there any way to achieve this in Agent side or some work around > > to do this? > > > > The agent doesn't have any built-in way to do this. > You could use your syslog daemon to read the file and forward the > logs. I'm pretty sure rsyslogd can do this, not sure about the > others. > > > Apologies if it is a duplicate discussion. I couldn't able to find > > one. > > > > Thanks in advance. > > > > Thanks & Regards, > > Vijay. > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, > > send an email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
