On Thu, Dec 30, 2010 at 4:55 PM, Saket <saketbajo...@gmail.com> wrote: > Hi, > > Is there a way to consolidate all the active-response.log file from > all the agents? > > It is difficult to access each agents active-response.log, I am > presuming there is a way to consolidate all the active-response.log in > the server. > > I know the alert logs can be sent to a syslog server, Is it possible > to send the active-response logs aswell ? > > Thanks, > Saket
Have ossec read the active-response.log file? <localfile> <log_format>syslog</log_format> <location>/var/ossec/logs/active-response.log</location> <!-- or whever it is --> </localfile> It's not elegant, but should work.
