I am brand new to OSSEC and I am trying to monitor an agent's file /var/path/something/php.log.
I know I have to set up a decoder and rules for this, except for the life of me, I cannot figure any of this out. OSSEC's documentation on accomplishing this is meh at best. How can I set up the decoder/rules so that if the file gets edited with "PHP Fatal Error" I am notified? I also cannot figure out WHERE ppl are getting their log lines. Any help would be appreciated.