I have a working OSSEC that I now want to send the output to a Graylog2
server. I added the following to the ossec.conf file between the
ossec_config tags.
<syslog_output>
<server>192.168.0.33</server>
<port>9514</port>
<format>cef</format>
</syslog_output>
I enabled csyslog and restarted OSSEC. It starts csyslogd but never gives
me "Forwarding alerts via syslog" in the ossec.log file and if I run an
ossec-control status it gives an error that ossec-csyslogd: Process not
used by ossec, removing.
If I start ossec-csyslogd in the forground everything works as it should
and logs are sent to the Graylog server. If I run OSSEC in debug mode
everything works as it should or did for about 12 hours then failed. If i
run OSSEC normally it never starts forwarding alerts via syslog.
Any help would be greatly appreciated as I am not sure what to look for
next. It works in the foreground and in debug mode for a while but will
not run normally. Thanks in advance.
Phil
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
