On 9/30/07, Daniel Cid [EMAIL PROTECTED] wrote:
Hi JM,
I think you are confusing it a bit. The logformat in the localfile configuration is only used to tell ossec how to read the logs, not anything else. In fact, the apache, squid, syslog fields act the same in there (all one entry per line logs)... What determines the category of them is
This is a question I've been wondering: what logformat value should be used for a firewall rule, if it isn't syslog? I checked the source in localfile-config.c and I don't see any value there that indicates this is possible. The only values I see are: syslog, snort-full, snort-fast, apache,