On Wed, 13 Feb 2013 11:42:13 +0000 "C. L. Martinez" <carlopm...@gmail.com> wrote: > HI all, > > I have one ossec agent monitoring some syslog format files and > triggers some alerts if src IP or dst IP matches in a CDB list > configured on ossec server. All works ok until logrotate rotates these > log files. After that, no alerts are produced. Exists some problem > with this combination??
I'm using ossec, logrotate and syslog-ng without any problem. After the log rotation are you still getting syslog data written to the log? An easy workaround might be to add a postrotate to the logrotate config for syslog that restarts ossec.. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
