It is just as easy as below to monitor OSSEC logs?
<localfile>
<log_format>syslog</log_format>
<location>/var/ossec/logs/ossec.log</location>
</localfile>
Moreover, I have enabled the debug of the syscheck and agent. Will the
log monitoring alert all logs messages or just specific "error"
messages?
On 12月17日, 上午3時29分, "dan (ddp)" <ddp...@gmail.com> wrote:
> You can have ossec monitor its own logs.
>
>
>
>
>
>
>
> On Tue, Dec 13, 2011 at 11:15 PM, Macus <macu...@gmail.com> wrote:
> > Is there any way to monitor the ossec server and agent? Like to
> > capture any strange logs in the ossec.log.
