In which portion of ossec.conf should we put this "<logall> yes </logall>" to store the logs?
On Tuesday, November 29, 2011 at 3:30:51 AM UTC+5:30, Youngquist, Jason R. wrote:
>
> In the ossec.conf file I understand that I can set the logall to "yes" (i.e.
> <logall> yes </logall>) and it will log all of the events to
> /logs/archives/archives.log. Is there any way to change the destination IP
> of where all of the logfiles get sent? Ideally, I'd like all log files
> to go to the IP address of my SIEM, and all events that match a rule can
> get stored locally on the OSSEC server IP. (My current OSSEC server
> doesn't have enough hard drive space to send a copy of all of the logs to
> it).
>
> If I can't do this, does anyone run both the Windows OSSEC agent and
> Windows Snare program (
> http://www.intersectalliance.com/projects/BackLogNT/) on their Windows
> server boxes (2003 and 2008) successfully? I haven't done any tests on
> this yet, but thought I'd throw it out there.
>
> Appreciate any thoughts.
> Jason Youngquist, CISSP
> Information Technology Security Engineer
> Technology Services
> Columbia College
> 1001 Rogers Street, Columbia, MO 65216
> (573) 875-7334
> jryoun...@ccis.edu
> http://www.ccis.edu
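
For reference, an added configuration example (not part of the original thread and not taken from the OSSEC project's own files): `<logall>` is set inside the `<global>` section of the OSSEC server's ossec.conf, and a `<syslog_output>` section forwards alerts to a remote syslog receiver such as a SIEM. The address 192.0.2.10 and port 514 are constructed placeholders, and the other sections of ossec.conf are assumed unchanged.

```xml
<ossec_config>
  <global>
    <!-- logall is a <global> option on the OSSEC server (manager).
         With "yes", every received event is written to
         logs/archives/archives.log under the OSSEC install directory,
         whether or not it matches a rule. -->
    <logall>yes</logall>
  </global>

  <!-- Forward alerts (events that matched a rule) to a remote syslog
       receiver. 192.0.2.10 is a constructed placeholder address. -->
  <syslog_output>
    <server>192.0.2.10</server>
    <port>514</port>
  </syslog_output>
</ossec_config>
```

`<syslog_output>` carries alerts only, so the archive written by `<logall>` still lands on the OSSEC server's own disk and needs space and rotation planned there.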