[ossec-dev] [Bug 94] New: syslog format should not be hardcoded

[ossec-bugzilla@xxxxxxxxxxxxxxxxxxxxxxxxxxx]

http://www.ossec.net/bugs/show_bug.cgi?id=94

           Summary: syslog format should not be hardcoded
           Product: OSSEC
           Version: 1.4
          Platform: Macintosh
        OS/Version: Mac OS
            Status: NEW
          Severity: blocker
          Priority: P1
         Component: ossec core
        AssignedTo: ossec-dev@xxxxxxxxx
        ReportedBy: flux@xxxxxxxxxxxxxxxxxxxxx


The format for syslog-type log files should not be hardcoded into
ossec-analysisd, but configured in the xml (such as the decoder). I run metalog
(I like it) and ossec chokes on the logs because there is an improper hostname
in the log strings (actually, it's an altogether missing hostname, since
metalog does not currently handle remote logging). I think ossec is a great
tool, and would like to use it for my machine, but currently that is not
possible unless I change logger utilities. I would like to keep metalog, since
I am only administering a single local machine, and have no need for remote
logging (obviously, I did the "local" install for ossec). Please move the
definition of the log formats out of the code and into configurable xml files.


-- 
Configure bugmail: http://www.ossec.net/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.