[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: vsftpd rule

To: ossec-list@xxxxxxxxx
Subject: [ossec-list] Re: vsftpd rule
From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
Date: Tue, 6 Jun 2006 17:25:24 -0300

That is correct. For each file that you want to monitor, you need to have a
localfile entry.

Thanks,

--
Daniel B. Cid
dcid @ ( at ) ossec.net

On 6/6/06, Kayvan A. Sylvan <kayvan@xxxxxxxxxx> wrote:
>
> How do we do that? (configure ossec to read /var/log/vsftpd.log)?
>
> In etc/ossec.conf, I see lines like this:
>
>   <localfile>
>     <log_format>syslog</log_format>
>     <location>/var/log/messages</location>
>   </localfile>
>
> So, do I just add nother snippet like this?
>
>   <localfile>
>     <log_format>syslog</log_format>
>     <location>/var/log/vsftpd.log</location>
>   </localfile>
>
> --
> Kayvan A. Sylvan          | Proud husband of       | Father to my kids:
> Sylvan Associates, Inc.   | Laura Isabella Sylvan, | Katherine Yelena (8/8/89)
> http://sylvan.com/~kayvan | my beautiful Queen.    | Robin Gregory (2/28/92)
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
-~----------~----~----~----~------~----~------~--~---

References:
- [ossec-list] Re: vsftpd rule
  - From: Daniel Cid
- [ossec-list] Re: vsftpd rule
  - From: Kayvan A. Sylvan

Prev by Date: [ossec-list] Re: vsftpd rule
Next by Date: [ossec-list] Re: vsftpd rule
Previous by thread: [ossec-list] Re: vsftpd rule
Next by thread: [ossec-list] Re: vsftpd rule
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.