Judged from the log content:
2007/09/04 15:47:22 ossec-remoted(1501): No IP or network allowed in
the
access list for syslog. No
reason for running it. Exiting.
And in the ossec.conf, you are duplicate remote section.
connectionsyslog/connection
and
connectionsecure/connection
is mutually
I took out connection==secure
I am not getting anymore:
ossec-remoted(1501): No IP or network allowed in
the
access list for syslog. No
reason for running it. Exiting.
But I am still getting the following on the client:
2007/09/05 14:21:35 ossec-execd: Started (pid: 15288).
2007/09/05 14:21:35
Hi Reggie,
My suggestion would be:
-Copy the whole /var/ossec and /etc/ossec-init.conf to the new system.
-Reinstall ossec (running the install.sh and choose the upgrade option).
It should do it..
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On 9/5/07, Reggie Griffin [EMAIL PROTECTED]
Hi Daniel.
You can execute anything you want in there (from perl, to .sh, java,
etc). It just need
to have the executable flag set and accept the proper arguments (add,
delete, etc).
Hope it helps.
--
Daniel B. Cid
dcid ( at ) ossec.net
On 9/3/07, Dan [EMAIL PROTECTED] wrote:
Hi Ossec List