Hi Kazim,
- Review the ossec.log of your agent: is it monitoring the file? Are there errors?
- The log file must exist before OSSEC is started.
- Try with the format "syslog".
- Copy some logs to /var/ossec/bin/ossec-logtest and check if an alert would be generated.

Just some ideas. I hope it helps.

Regards.

On Friday, July 7, 2017 at 10:15:02 AM UTC+2, Kazim Koybasi wrote:
> Yes, OSSEC is mentioning the log files and says analyzing log file. I tried
> with apache log format and without logformat settings and the result is the
> same. What could be a workaround for that?
>
> On Thursday, 6 July 2017 23:37:55 UTC+3, Kazim Koybasi wrote:
>> I added the config below to etc/shared/agent.conf in the ossec-server home
>> directory but there are no alerts in the server. What could I need with this
>> configuration?
>>
>> <agent_config name="agent4">
>>   <localfile>
>>     <log_format>apache</log_format>
>>     <location>/var/log/httpd/site/site_log</location>
>>   </localfile>
>> </agent_config>
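
The first two checks from the reply (is logcollector analyzing the file, are there errors, does the file exist), as an added Python example that is not part of the thread or of OSSEC. The function names, the temporary paths and the sample ossec.log lines are constructed for illustration, and matching the path inside single quotes is an assumption about how the agent log words those messages.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET

def localfiles(agent_conf_text):
    """Return (log_format, location) pairs for every <localfile> in agent.conf text."""
    # agent.conf may hold several <agent_config> blocks, so wrap them in one root.
    root = ET.fromstring("<root>" + agent_conf_text + "</root>")
    return [(lf.findtext("log_format", "").strip(), lf.findtext("location", "").strip())
            for lf in root.iter("localfile")]

def check_agent(agent_conf_text, ossec_log_text):
    """Per monitored path: does it exist, is it being analyzed, any errors logged?"""
    report = {}
    for fmt, path in localfiles(agent_conf_text):
        # Assumption: the agent log quotes the path as '<path>'.
        lines = [l for l in ossec_log_text.splitlines() if "'%s'" % path in l]
        report[path] = {
            "log_format": fmt,
            "exists": os.path.isfile(path),
            "analyzing": any("Analyzing file" in l for l in lines),
            "errors": [l for l in lines if re.search(r"ERROR|WARN", l)],
        }
    return report

def demo():
    """Constructed input: one monitored file that exists, one that does not."""
    with tempfile.TemporaryDirectory() as d:
        ok, missing = os.path.join(d, "site_log"), os.path.join(d, "absent_log")
        open(ok, "w").close()
        conf = ('<agent_config name="agent4">'
                f'<localfile><log_format>apache</log_format><location>{ok}</location></localfile>'
                f'<localfile><log_format>syslog</log_format><location>{missing}</location></localfile>'
                '</agent_config>')
        log = (f"2017/07/07 10:15:02 ossec-logcollector(1950): INFO: Analyzing file: '{ok}'.\n"
               f"2017/07/07 10:15:02 ossec-logcollector(1103): ERROR: Could not open file "
               f"'{missing}' due to [(2)-(No such file or directory)].\n")
        return check_agent(conf, log), ok, missing

if __name__ == "__main__":
    rep, _, _ = demo()
    for path, result in rep.items():
        print(path, result)
```

On a real agent, pass the contents of the received agent.conf and of the agent's ossec.log to `check_agent` instead of the constructed strings.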