For starters, you do not need to parse the whole log line; in this case
you would start after "smartd[3562]: ".
The syslog (server23) and (smartd) are
decoded by ossec, see
http://www.ossec.net/wiki/index.php/Know_How:Ignore_Rules
regards,
m
On Mar 11, 1:17 pm, Vianney Lejeune wrote:
> Hello,
Once an agent ID has been added to the ossec server, it seems it cannot be reused, even
after you remove the agent or stop and restart the ossec server. The ID will keep
increasing.
Is there any way to get around that?
Hello,
My only question is how well does OSSEC handle the load from the logs? My
company has tested other logging analysis engines and the machine was just
buried.
Thanks,
-Ed
I have been clearing Windows App, Sec and System logs all day today and not one
alert. I have it set for 8 and email on 8's. I am running V2.0 on server and
Windows clients. Where can I look to see what's wrong?
-Derek
Hello Daniel,
Thank you for the information. That makes keeping things updated very
simple.
Thanks,
Chris
Considering version 2.0 has agentless monitoring,
On Tue, Mar 10, 2009 at 1:50 PM, Daniel Cid wrote:
>
> Hi Chris,
>
> Much of the time you don't need to update your agents. For example,