It is just as easy as below to monitor OSSEC logs? <localfile> <log_format>syslog</log_format> <location>/var/ossec/logs/ossec.log</location> </localfile>
Moreover, I have enabled the debug of the syscheck and agent. Will the log monitoring alert all logs messages or just specific "error" messages? On 12月17日, 上午3時29分, "dan (ddp)" <ddp...@gmail.com> wrote: > You can have ossec monitor its own logs. > > > > > > > > On Tue, Dec 13, 2011 at 11:15 PM, Macus <macu...@gmail.com> wrote: > > Is there any way to monitor the ossec server and agent? Like to > > capture any strange logs in the ossec.log.