I have OSSEC configured with the logall option, so that all log files that are being monitored are copied into archives.log.
However, I have two stubborn log files which refuse to get copied over. These log files are simple one-entry-per-line log files, so I have used the log_format of syslog.

According to Notepad++, the log files are generated with UCS-2 Little Endian encoding. If I delete the file and replace it with an identically named file that is encoded using UTF-8 or ANSI, then it will copy each new line added to the file.

I suspect that the UCS-2 Little Endian encoding is somehow confusing OSSEC so that it doesn't detect new lines, and therefore doesn't think the log entry is completed. I couldn't find anything in the OSSEC documentation regarding character encoding on log files.

Any suggestions?
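Added example, not part of the original post and not OSSEC code: a Python sketch of what a UCS-2 LE log line looks like at the byte level and how to transcode a tailed file into UTF-8 lines. The sample log lines, the function and class names, and the C-string reader model are assumptions made for illustration.

```python
import codecs

# Constructed sample: two log lines as a Windows tool would write them in UCS-2 LE with a BOM.
SAMPLE = ("\ufeff2024-01-01 login failed user=bob\r\n"
          "2024-01-01 login ok user=amy\r\n").encode("utf-16-le")


def looks_utf16le(head: bytes) -> bool:
    """BOM check, then a heuristic: ASCII text in UTF-16LE has a NUL in every odd byte."""
    if head.startswith(codecs.BOM_UTF16_LE):
        return True
    even, odd = head[0::2], head[1::2]
    return len(odd) >= 4 and odd.count(0) * 5 >= len(odd) * 4 and even.count(0) == 0


def c_string_view(raw: bytes) -> list[bytes]:
    """Model of a byte-oriented reader (assumption, not OSSEC source): split on 0x0A,
    then treat each piece as a C string that ends at its first NUL byte."""
    return [piece.split(b"\x00", 1)[0] for piece in raw.split(b"\n") if piece]


class Utf16LineTranscoder:
    """Feed raw chunks from a tailed UTF-16LE file; get back complete UTF-8 lines."""

    def __init__(self) -> None:
        self._dec = codecs.getincrementaldecoder("utf-16-le")()
        self._pending = ""

    def feed(self, chunk: bytes) -> list[bytes]:
        # The incremental decoder keeps a dangling half code unit until the next chunk.
        self._pending += self._dec.decode(chunk)
        *done, self._pending = self._pending.split("\n")
        return [s.lstrip("\ufeff").rstrip("\r").encode("utf-8") + b"\n" for s in done]


if __name__ == "__main__":
    print(looks_utf16le(SAMPLE[:64]), c_string_view(SAMPLE))
    t = Utf16LineTranscoder()
    for i in range(0, len(SAMPLE), 7):  # odd chunk size splits code units on purpose
        for line in t.feed(SAMPLE[i:i + 7]):
            print(line)
```

Writing the transcoded lines to a separate UTF-8 file and monitoring that file instead matches the behaviour reported in the post, where UTF-8 files are picked up line by line.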
