[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ossec-list] Re: opening a local file for scanning
- To: ossec-list@xxxxxxxxx
- Subject: [ossec-list] Re: opening a local file for scanning
- From: "Zach Patrick" <rzp2314@xxxxxxxxx>
- Date: Mon, 11 Jun 2007 13:49:32 -0400
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=VUZE7B+GRDFDHqA84vmoGmtIMupJKiI2DBgE/0xqmA8CFXTRPEgqp1N2DDqf7hG30xXRB5eTwZP5/1cwwRYtvyNlIRrCjNiiApwwhehvvT/771IOZJG0537x0Z5aDDAvzRlfqPgxW2l6tzBH6dgCfeA0dpZ5ben4zEnPndsZpbE=
nvm, I figured it out %y, %m, %d :-)
On 6/8/07, Zach Patrick <rzp2314@xxxxxxxxx> wrote:
Hi All,
I just have a quick question, I'm using syslog-ng to filter and log all the traffic going to the box, storing it in folders and files based on the year, the day and the month, so the file would be located in:
/var/log/syslog/YEAR/server/YEARMONTHDAY
So i have my block set up to find the files:
<localfile>
<log_format>syslog</log_format>
<location>/var/log/syslog/$YEAR/rsync/$YEAR$MONTH$DAY</location>
</localfile>
I know that the $YEAR $MONTH and $DAY parts don't work, but are there any variables like that that will dynamically tell OSSEC the year day and month?
Thanks for your help!
~Zach
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.