Thats what I am afraid of. Another questions, if I forward the ossec logs to a remote syslog host, does it still keep the local logs or does it stop logging locally and send everything wholesale to the remote syslog?
On Jun 10, 3:56 pm, "dan (ddp)" <[email protected]> wrote: > You could setup rsyslog to listen for udp messages on a loopback > address, and use ossec's csyslog to forward messages to it. > Probably. > Guess you'd have to make sure you don't go into a loop or something though.On > Thu, Jun 10, 2010 at 8:41 AM, Ali <[email protected]> wrote: > > Hi Ossec'ers; > > > I need some help please. I would like the ossec server to log all > > alerts and messages to local syslog NOT to a remote syslog. I have > > rsyslog installed in the localhost, what changes do I make to /etc/ > > rsyslog.conf and what changes do I make to /etc/ossec.conf? > > > I have seen instruction for sending syslog to remote syslog host, but > > I do not want to do that, I want to record ossec logs to local syslog > > - say in /var/log/messages or /var/log/secure. How can I do this... > > > Any help will be greatly appreciated. > > > Thx > > Ali.
