Thank you Daniel...
Works great !!
On 9/30/07, Daniel Cid [EMAIL PROTECTED] wrote:
Hi JM,
I think you are confusing it a bit. The logformat in the localfile
configuration is only
used to tell ossec how to read the logs, not anything else. In fact,
the apache, squid,
syslog fields act the same in there (all one entry per
Hello,
we found out that many sectors changed on disk-space without a filesystem!
(High-level troyaner or hidden volume?)
Therefore we made several point over time(dd-images) of the whole disk and
hoped to be able to analyse the changes later on with commercial forensic
software. But
