[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] opening a local file for scanning

To: ossec-list@xxxxxxxxx
Subject: [ossec-list] opening a local file for scanning
From: "Zach Patrick" <rzp2314@xxxxxxxxx>
Date: Fri, 8 Jun 2007 15:55:00 -0400
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; b=Qm0BU1j0UdMi3MENFRYs6Ulm1En8THbr6N1yYGMw1J7uB6GxCP2zG9qGll43UeKAMNjydkd+w+gibRkrpEI56U6IqdBW9TJXBXSRPH+p/EBbTARurfLzmoqRyIiuTk5tJ/Jnv8RgsnFh11NU5rPcQUd3Z+L7zdM809CjBA8N75k=

Hi All,

I just have a quick question, I'm using syslog-ng to filter and log all the traffic going to the box, storing it in folders and files based on the year, the day and the month, so the file would be located in:

/var/log/syslog/YEAR/server/YEARMONTHDAY

So i have my block set up to find the files:

<localfile>
<log_format>syslog</log_format>
<location>/var/log/syslog/$YEAR/rsync/$YEAR$MONTH$DAY</location>
</localfile>

I know that the $YEAR $MONTH and $DAY parts don't work, but are there any variables like that that will dynamically tell OSSEC the year day and month?

Thanks for your help!

~Zach

Follow-Ups:
- [ossec-list] Re: opening a local file for scanning
  - From: Daniel Cid
- [ossec-list] Re: opening a local file for scanning
  - From: Zach Patrick

Prev by Date: [ossec-list] Re: File anomalies
Next by Date: [ossec-list] OSSEC Server Crashing on Solaris 9
Previous by thread: [ossec-list] Re: Multiple logs
Next by thread: [ossec-list] Re: opening a local file for scanning
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.