Hello all:
Out of all the logs within cPanel, which of them are syslog formats? Because I am building up a syslog server in OSSEC and I need to know the formats of all the logs present in the server.
Can anyone assist with this?
I am building out a log server with OSSEC now as well. I would be willing to help out and share the results. I have the cPanel Log Location Reference here, but it does not tell you which ones are syslog and which ones are not syslog files. Although, to answer your question directly, if you are talking about which logs should be specified as syslog files, then any file with one entry per line could be considered a syslog file.
I recommend getting on their IRC channel on freenode.net and asking your questions in there. I get great responses from there. I also highly recommend the OSSEC Host-Based Intrusion Detection Guide from Syngress. It is not cheap, but it really goes over everything in a very easy to understand way and in the proper order for tackling this project the right way.
Hello Tier:
That is what I am doing at the moment. I am building a syslog server using OSSEC, but it's a bit confusing.
Although my Manager is logging events from the Agents, I am finding it hard to record exim_mainlog, Apache error_logs, etc.
If you have implemented it, can you let me know what logs we should be storing, keeping security in mind?
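An added example, not code from any poster in this thread or from the OSSEC project: it applies the "one entry per line" rule of thumb from the reply above to sample lines and, for files that pass, prints a `<localfile>` block with `<log_format>syslog</log_format>` for the agent's ossec.conf. The sample lines, the timestamp patterns, the helper names and the `/path/to/...` locations are constructed assumptions; substitute the real paths from your server.

```python
import re
from xml.sax.saxutils import escape

# Timestamp shapes that mark the start of a new entry (assumed, not exhaustive).
ENTRY_START = [
    re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d "),              # classic syslog
    re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d "),                    # exim_mainlog style
    re.compile(r"^\[[A-Z][a-z]{2} [A-Z][a-z]{2} \d\d \d\d:\d\d:\d\d"),  # Apache error_log
]

def continuation_lines(lines):
    """Return (line_no, text) for non-empty lines that do not begin a new entry."""
    return [(n, text) for n, text in enumerate(lines, 1)
            if text.strip() and not any(p.match(text) for p in ENTRY_START)]

def one_entry_per_line(lines):
    """True when the sample has content and every line starts its own entry."""
    has_content = any(text.strip() for text in lines)
    return has_content and not continuation_lines(lines)

def localfile_stanza(path, log_format="syslog"):
    """Build the <localfile> block that tells an OSSEC agent to monitor a file."""
    return ("<localfile>\n"
            f"  <log_format>{escape(log_format)}</log_format>\n"
            f"  <location>{escape(path)}</location>\n"
            "</localfile>")

# Constructed sample lines (documentation addresses, made-up message ids).
EXIM_SAMPLE = [
    "2024-01-05 10:00:01 1rLabc-0001Xy-2B <= user@example.com H=mail.example.net [192.0.2.10] S=1234",
    "2024-01-05 10:00:02 1rLabc-0001Xy-2B Completed",
]
APACHE_SAMPLE = [
    "[Fri Jan 05 10:00:02.123456 2024] [core:error] [pid 1234] [client 192.0.2.20:51234] File does not exist",
]
APP_SAMPLE = [  # an entry that spills over several lines
    "2024-01-05 10:00:03 ERROR unhandled exception",
    "Traceback (most recent call last):",
    '  File "app.py", line 10, in handler',
]

if __name__ == "__main__":
    samples = {"/path/to/exim_mainlog": EXIM_SAMPLE,
               "/path/to/error_log": APACHE_SAMPLE,
               "/path/to/app.log": APP_SAMPLE}
    for path, sample in samples.items():
        if one_entry_per_line(sample):
            print(localfile_stanza(path))
        else:
            extra = [n for n, _ in continuation_lines(sample)]
            print(f"<!-- {path}: lines {extra} continue an earlier entry -->")
```

Run the check against a few hundred real lines from each log before adding it to the agent configuration; a file that fails it will reach the manager as fragments that rules cannot match as a whole event.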