Hi, Do you get the same result if you set the time span to 7 days? 30 days? Have you set OSSEC to log these alerts or change the alert levels? Do you have one OSSEC server, or multiple OSSEC Servers?
I would also ensure you're sending via SYSLOG to the appropriate Splunk instance (some installs might only listen to 514). What may be happening is the server is reporting the stats as it should, but it isn't forwarding SYSLOG to Splunk correctly. On Wednesday, September 23, 2015 at 10:07:13 AM UTC-4, Edward wrote: > > Hello people, > > On my Ossec server I have installed splunk and also the ossec app for > splunk. > I see now a nice dashboard, but if I look at the figures : > > > > <https://lh3.googleusercontent.com/-khnP7PHZNkg/VgKwoktz9MI/AAAAAAAAEco/VIgfDHE8YKo/s1600/splunk1.png> > > > > > > if you look at signatures, you see number with no description. > > > <https://lh3.googleusercontent.com/-uckCXPJ0dXY/VgKwsjYZkuI/AAAAAAAAEcw/Y8YJv-fAMDk/s1600/splunk2.png> > > > > When you click on it, it shows zero data. > > > <https://lh3.googleusercontent.com/-d0vOM7lWMKc/VgKwwVJeCZI/AAAAAAAAEc4/ywoTyM-sqb8/s1600/splunk3.png> > > > Have you seen this before? > Thi is very annoying, because there is 100 times more of this sort and the > reports will get very messy. > > > > > > <https://lh3.googleusercontent.com/-9bP7NqPAggw/VgKvvD1TrOI/AAAAAAAAEcY/KpYandO58E8/s1600/splunk1.png> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
