[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] [Fwd: Re: [ossec-list] RE: Syslog ossec]

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] [Fwd: Re: [ossec-list] RE: Syslog ossec]
From: Michael Starks <ossec@xxxxxxxxxxxxxxxxx>
Date: Sat, 03 Feb 2007 13:59:34 -0500

Resending.

-------- Original Message --------
Subject: Re: [ossec-list] RE: Syslog ossec
Date: Wed, 31 Jan 2007 20:17:16 -0500
From: Michael Starks <ossec@xxxxxxxxxxxxxxxxx>
To: ossec-list@xxxxxxxxxxxxxxxx
References: <1170259356.4279.25.camel@xxxxxxxxxxxxxxxxxxxx>

Jeremy Melanson wrote:
> I did this because I wanted to save a copy of the incoming SysLog
> message into the Host's respective $HOST/syslog, as well as run them
> against OSSEC's PIX rules. I couldn't OSSEC to use the PIX rules against
> a file-based syslog. *This may not be true with OSSEC 1.0. I just
> haven't had the time to test it.

I do something similar with syslog-NG, but I just have OSSEC (1.0) look
at the local syslog files for dozens of servers and two firewalls (PIX).
 I'm currently monitoring about 300 log files.  It was very easy to set
up with the wildcard support, and has no problem with keeping up.

Prev by Date: [ossec-list] [Fwd: Re: [ossec-list] Re: FW: [ossec-list] Log host?]
Next by Date: [ossec-list] Re: regexp syntax?
Previous by thread: [ossec-list] [Fwd: Re: [ossec-list] Re: FW: [ossec-list] Log host?]
Next by thread: [ossec-list] Matching questions
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.