Hi all. After upgrading OSSEC to the 2.7 release, I am trying to check auditd logs.
Server-side ossec.conf changes:
<localfile>
<log_format>auditd</log_format>
<location>/var/log/audit/audit.log</location>
</localfile>
# service ossec restart
Stopping OSSEC: [ OK ]
Starting OSSEC: 2012/12/11 12:48:35 ossec-config(1235): ERROR: Invalid
value for element 'log_format': auditd.
2012/12/11 12:48:35 ossec-config(1202): ERROR: Configuration error at
'/var/ossec/etc/ossec.conf'. Exiting.
2012/12/11 12:48:35 ossec-logcollector(1202): ERROR: Configuration error at
'/var/ossec/etc/ossec.conf'. Exiting.
Does OSSEC really support the auditd log format? What's wrong?