On Mon, Mar 27, 2017 at 11:25 AM, wrote:
Hi All,
So I am currently still troubleshooting, but noticed that the syslog-ng
process was listening on 514 TCP, but also had an entry for 514 UDP, which
is the protocol I've set within my ossec.conf. Could this be part of the
issue? My guess is that I only want 514 udp listening.

On Thu, Mar 16, 2017 at 11:33 AM, wrote:
> Here is the output:
>
> udp        0      0 0.0.0.0:514             0.0.0.0:*                           21090/syslog-ng
>
So syslog-ng is listening for incoming messages.
You'll have to figure out what syslog-ng is doing with the log messages.

Here is the output:
udp        0      0 0.0.0.0:514             0.0.0.0:*                           21090/syslog-ng
This is the only instance...

On Wednesday, March 15, 2017 at 2:41:58 PM UTC-4, dan (ddpbsd) wrote:
On Tue, Mar 14, 2017 at 3:37 PM, wrote:
> Hello, yes:
>
> root@xx:/var/log# netstat -tuna | grep 514
> tcp        0      0 0.0.0.0:514             0.0.0.0:*
> udp        0      0 0.0.0.0:514             0.0.0.0:*
>
Adding -p to that could tell you the process using

On Tue, Mar 14, 2017 at 11:44 AM, Jose Luis Ruiz wrote:
> Hello,
>
> In order to permit OSSEC to receive your Symantec syslog messages, you need to
> enable this in the configuration:
>
Unless you're using a proper syslog daemon, which may already be
listening on that port.

Hello, yes:
root@xx:/var/log# netstat -tuna | grep 514
tcp        0      0 0.0.0.0:514             0.0.0.0:*
udp        0      0 0.0.0.0:514             0.0.0.0:*

<remote>
  <connection>syslog</connection>
  <allowed-ips>161.182.xxx.xxx</allowed-ips>
  <allowed-ips>161.182.xxx.xxx</allowed-ips>
</remote>

On Tuesday, March 14, 2017 at 1:48:17 PM UTC-4, jose wrote:
Hi, can you verify if the port is open?
[root@wazuh-manager /]# netstat -tuna | grep 514
udp        0      0 0.0.0.0:514             0.0.0.0:*
The Symantec IP is allowed in ossec.conf, right?
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com

It's very strange... I have already enabled syslog over 514 from our
Symantec server to the OSSEC server, and I see the logs coming into our
ELSA instance, but I have grep'd our syslog files, OSSEC archive and OSSEC
alerts files and do not see the log anywhere on the server... Where

Hello,
In order to permit OSSEC to receive your Symantec syslog messages, you need to
enable this in the configuration:
Listen on port 514:
<remote>
  <connection>syslog</connection>
  <allowed-ips>Symantec AV ip</allowed-ips>
</remote>
Then you need to restart OSSEC:
/var/ossec/bin/ossec-control restart
If after these changes you are still not

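The two things this thread keeps coming back to, who actually owns UDP 514 (dan's suggestion of adding -p to netstat) and whether the Symantec sender is covered by the `<allowed-ips>` of the `<remote>` syslog block Jose describes, can be checked mechanically. The POSIX shell script below is an added example written for this page; it is not code from the thread, from OSSEC or from Wazuh. The netstat text and the ossec.conf fragment it runs against are constructed for the example, and the PIDs, program names, addresses and the /24 range are made up; on a live manager you would feed it real `netstat -tunap` (or `ss -lunp`) output and the real /var/ossec/etc/ossec.conf.

```shell
#!/bin/sh
# Added example (not code from this thread, from OSSEC or from Wazuh).
# It runs the two checks the thread turns on, against constructed inputs:
#   1. who owns 514/udp and 514/tcp, as `netstat -tunap` (dan's -p) or
#      `ss -lunp` would show it, so a syslog daemon sitting on the port
#      that ossec-remoted needs is reported explicitly;
#   2. whether ossec.conf has a <remote> syslog listener and whether a
#      given sender is covered by its <allowed-ips>.
# The PIDs, program names, addresses and the /24 below are made up.

# Constructed netstat -tunap output (not from the thread's host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN      21090/syslog-ng
udp        0      0 0.0.0.0:514             0.0.0.0:*                           21090/syslog-ng
udp        0      0 0.0.0.0:1514            0.0.0.0:*                           4012/ossec-remoted'

# Constructed ossec.conf fragment with a hypothetical sender range.
SAMPLE_OSSEC_CONF='<ossec_config>
  <remote>
    <connection>syslog</connection>
    <port>514</port>
    <protocol>udp</protocol>
    <allowed-ips>161.182.10.0/24</allowed-ips>
  </remote>
</ossec_config>'

# port_owner PROTO PORT: read netstat -tunap text on stdin and print the
# "PID/program" bound to PROTO:PORT; prints nothing when nothing is bound.
port_owner() {
  awk -v proto="$1" -v port="$2" \
    '$1 == proto && $4 ~ (":" port "$") { print $NF; exit }'
}

# diagnose_port NETSTAT_TEXT PORT: classify the owner of UDP PORT.
#   "ossec"            ossec-remoted holds the socket
#   "conflict:<owner>" another daemon holds it, so ossec-remoted cannot bind
#   "free"             nothing is bound there
diagnose_port() {
  owner=$(printf '%s\n' "$1" | port_owner udp "$2")
  case "$owner" in
    '')              echo free ;;
    */ossec-remoted) echo ossec ;;
    *)               echo "conflict:$owner" ;;
  esac
}

# remote_setting CONF_TEXT TAG: print the first <TAG>...</TAG> value.
remote_setting() {
  printf '%s\n' "$1" | sed -n "s:.*<$2>\(.*\)</$2>.*:\1:p" | head -n 1
}

# ip_allowed CONF_TEXT IP: exit 0 if IP matches any <allowed-ips> entry
# (a single address or a.b.c.d/N), exit 1 otherwise. The prefix compare
# divides by 2^(32-N) because POSIX awk has no bitwise AND.
ip_allowed() {
  printf '%s\n' "$1" | awk -v ip="$2" '
    function toint(a,  p) {
      split(a, p, "."); return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    /<allowed-ips>/ {
      s = $0; sub(/.*<allowed-ips>/, "", s); sub(/<\/allowed-ips>.*/, "", s)
      n = split(s, e, "/"); bits = (n == 2) ? e[2] + 0 : 32
      scale = 2 ^ (32 - bits)
      if (int(toint(ip) / scale) == int(toint(e[1]) / scale)) ok = 1
    }
    END { if (ok) exit 0; exit 1 }'
}

# Demo on the constructed data; for a live check feed real `netstat -tunap`
# output and the real /var/ossec/etc/ossec.conf instead.
main() {
  echo "udp/514 owner: $(diagnose_port "$SAMPLE_NETSTAT" 514)"
  echo "tcp/514 owner: $(printf '%s\n' "$SAMPLE_NETSTAT" | port_owner tcp 514)"
  echo "ossec <remote>: connection=$(remote_setting "$SAMPLE_OSSEC_CONF" connection)" \
       "protocol=$(remote_setting "$SAMPLE_OSSEC_CONF" protocol)" \
       "port=$(remote_setting "$SAMPLE_OSSEC_CONF" port)"
  for sender in 161.182.10.25 10.0.0.5; do
    if ip_allowed "$SAMPLE_OSSEC_CONF" "$sender"; then
      echo "$sender: allowed by <allowed-ips>"
    else
      echo "$sender: not in <allowed-ips>; ossec-remoted would drop its syslog"
    fi
  done
}
main
```

On the constructed data the first check reports `conflict:21090/syslog-ng`, which is the situation the netstat output in this thread shows: a real syslog daemon already holds UDP 514, so it, not ossec-remoted, is the process receiving the Symantec messages, and no `<remote>` or `<allowed-ips>` setting in ossec.conf changes that. The usual ways out are to leave the port to syslog-ng and point an OSSEC `<localfile>` at the file syslog-ng writes, or to stop syslog-ng listening on 514 so ossec-remoted can bind it after `ossec-control restart`; either way, run the port check again afterwards.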
On Mar 14, 2017 10:57 AM, wrote:
Hello All,
I have pointed my Symantec AV logs to our OSSEC server via syslog over port
514. I am seeing the logs come into ELSA, but not as OSSEC alerts. I have
created a custom decoder and parser, and can confirm that it is working:
**Phase 2: Completed decoding.
       decoder: 'Symantec'
12 matches