On Fri, Dec 31, 2010 at 1:35 PM, Jason 'XenoPhage' Frisvold <xenoph...@godshell.com> wrote:
> On Dec 30, 2010, at 7:44 PM, dan (ddp) wrote:
>> Have ossec read the active-response.log file?
>>
>> <localfile>
>>   <log_format>syslog</log_format>
>>   <location>/var/ossec/logs/active-response.log</location> <!-- or wherever it is -->
>> </localfile>
>>
>> It's not elegant, but should work.
>
> You! With your inescapable logic!
>
> ...
>
> Thanks. :) I should have thought of that... :P

:) If you're using syslog-ng you can read the logs from the file:
http://www.syslog.org/logged/reading-logs-from-a-file-in-syslog-ng/

Or with rsyslog:
http://www.rsyslog.com/doc/imfile.html

> ---------------------------
> Jason 'XenoPhage' Frisvold
> xenoph...@godshell.com
> ---------------------------
> "Any sufficiently advanced magic is indistinguishable from technology."
> - Niven's Inverse of Clarke's Third Law