Inside "<global></global>" tags. You can review the official docs here: http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.global.html
On Tuesday, September 8, 2015, 11:25:49 (UTC+2), Qwe Rty wrote:
>
> In which portion of ossec.conf should we put this "<logall> yes </logall>"
> to store the logs?
>
> On Tuesday, November 29, 2011 at 3:30:51 AM UTC+5:30, Youngquist, Jason R.
> wrote:
>>
>> In the ossec.conf file I understand that I can set the logall to "yes"
>> (i.e. <logall> yes </logall>) and it will log all of the events to
>> /logs/archives/archives.log. Is there any way to change the destination IP
>> of where all of the logfiles get sent? Ideally, I'd like all log files
>> to go to the IP address of my SIEM, and all events that match a rule can
>> get stored locally on the OSSEC server IP. (My current OSSEC server
>> doesn't have enough hard drive space to send a copy of all of the logs to
>> it).
>>
>> If I can't do this, does anyone run both the Windows OSSEC agent and
>> Windows Snare program (
>> http://www.intersectalliance.com/projects/BackLogNT/) on their Windows
>> server boxes (2003 and 2008) successfully? I haven't done any tests on
>> this yet, but thought I'd throw it out there.
>>
>> Appreciate any thoughts.
>> Jason Youngquist, CISSP
>> Information Technology Security Engineer
>> Technology Services
>> Columbia College
>> 1001 Rogers Street, Columbia, MO 65216
>> (573) 875-7334
>> jryoun...@ccis.edu
>> http://www.ccis.edu