I have a working OSSEC that I now want to send the output to a Graylog2 server. I added the following to the ossec.conf file between the ossec_config tags.

    <syslog_output>
      <server>192.168.0.33</server>
      <port>9514</port>
      <format>cef</format>
    </syslog_output>

I enabled csyslog and restarted OSSEC. It starts csyslogd but never gives me "Forwarding alerts via syslog" in the ossec.log file and if I run an ossec-control status it gives an error that ossec-csyslogd: Process not used by ossec, removing.
If I start ossec-csyslogd in the foreground everything works as it should and logs are sent to the Graylog server. If I run OSSEC in debug mode everything works as it should, or did for about 12 hours, then failed. If I run OSSEC normally it never starts forwarding alerts via syslog.

Any help would be greatly appreciated as I am not sure what to look for next. It works in the foreground and in debug mode for a while but will not run normally.

Thanks in advance.

Phil