[ossec-list] Re: opening a local file for scanning
- To: ossec-list@xxxxxxxxxxxxxxxx
- Subject: [ossec-list] Re: opening a local file for scanning
- From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
- Date: Mon, 11 Jun 2007 19:19:25 -0300
- Cc: "Zach Patrick" <rzp2314@xxxxxxxxx>
Hi Zach,
Ossec supports file names with the "strftime" format, so you could use "%y"
for year, "%m" for month and "%d" for day:
<location>/var/log/syslog/%y/rsync/%y%m%d</location>
For a list of all conversion values, take a look at the strftime manual page:
http://www.openbsd.org/cgi-bin/man.cgi?query=strftime
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On 6/8/07, Zach Patrick <rzp2314@xxxxxxxxx> wrote:
> Hi All,
>
> I just have a quick question, I'm using syslog-ng to filter and log all the
> traffic going to the box, storing it in folders and files based on the year,
> the day and the month, so the file would be located in:
>
> /var/log/syslog/YEAR/server/YEARMONTHDAY
>
> So I have my block set up to find the files:
>
> <localfile>
> <log_format>syslog</log_format>
>
> <location>/var/log/syslog/$YEAR/rsync/$YEAR$MONTH$DAY</location>
> </localfile>
>
> I know that the $YEAR $MONTH and $DAY parts don't work, but are there any
> variables like that that will dynamically tell OSSEC the year day and month?
>
> Thanks for your help!
>
> ~Zach
>
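An added example, not part of the original message or of the OSSEC code base: a Python check that expands each `<location>` in a config fragment for a given date and flags shell-style `$VAR` placeholders, which stay literal. It assumes Python's `strftime` expands `%y`, `%Y`, `%m` and `%d` the same way the C library does; the config fragment, the `%Y` entry and all function names are constructed for illustration.

```python
import os
import re
from datetime import date

# Constructed ossec.conf fragment: the strftime form from the reply, a %Y
# variant added here for comparison, and the $VAR form from the question.
SAMPLE_CONF = """
<localfile>
  <log_format>syslog</log_format>
  <location>/var/log/syslog/%y/rsync/%y%m%d</location>
</localfile>
<localfile>
  <log_format>syslog</log_format>
  <location>/var/log/syslog/%Y/rsync/%Y%m%d</location>
</localfile>
<localfile>
  <log_format>syslog</log_format>
  <location>/var/log/syslog/$YEAR/rsync/$YEAR$MONTH$DAY</location>
</localfile>
"""

LOCATION_RE = re.compile(r"<location>\s*(.*?)\s*</location>", re.S)
SHELL_VAR_RE = re.compile(r"\$\{?[A-Za-z_][A-Za-z0-9_]*\}?")

def resolve(template, day):
    """Expand strftime directives for `day`; return (path, leftover $VARs)."""
    path = day.strftime(template)
    return path, SHELL_VAR_RE.findall(path)

def audit(conf_text, day):
    """One report row per <location>: what it resolves to and what is wrong."""
    report = []
    for template in LOCATION_RE.findall(conf_text):
        path, unexpanded = resolve(template, day)
        report.append({
            "template": template,
            "path": path,
            "dated": path != template,       # False: no directive was expanded
            "unexpanded": unexpanded,        # $VARs that remain literal text
            "exists": os.path.isfile(path),  # is that day's log file present?
        })
    return report

if __name__ == "__main__":
    # %y is the two-digit year, %Y the four-digit year.
    for row in audit(SAMPLE_CONF, date(2007, 6, 11)):
        note = "literal $VAR, not expanded" if row["unexpanded"] else "ok"
        print(f"{row['template']} -> {row['path']} "
              f"[{note}, exists={row['exists']}]")
```

Running it against the real config on the log host shows which dated file each entry points at today and whether that file is there.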
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.