If I want to trap the syslog from more than one device, am I assuming correctly that I would configure ossec.conf as follows?
<remote> <connection>syslog</connection> <allowed-ips>10.0.0.1</allowed-ips> <allowed-ips>10.0.0.2</allowed-ips> </remote> Or, better yet... Would I leave the <allowed-ips> entry blank as it is in the default file to allow all syslog messages that are directed to the box? Thanks in advance. > -----Original Message----- > From: [email protected] [mailto:[EMAIL PROTECTED] > On Behalf Of Daniel Cid > Sent: Monday, August 28, 2006 2:13 PM > To: [email protected] > Subject: [ossec-list] Re: How to PIX > > > Check out these two links (for the pix side): > > http://www.ossec.net/wiki/index.php/Cisco_PIX > http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_not > e09186a0080094030.shtml#configpix|cisco > > For ossec, you just need to allow the cisco IP address in your syslog > configuration and restart ossec. > > <remote> > <connection>syslog</connection> > <allowed-ips>pix-ip</allowed-ips> > </remote> > > Hope it helps.. > > -- > Daniel B. Cid > dcid ( at ) ossec.net > > > On 8/28/06, Dennis Borkhus-Veto <[EMAIL PROTECTED]> wrote: > > > > > > > > > > How can I have my Pix send messages to my ossec server? > > > > > > > > Sincerely > > > > Dennis Borkhus-Veto > > Systems Administrator > > MEE Material Handling L.L.C > > [EMAIL PROTECTED] > > > > This electronic mail (including any attachments) may contain information that is privileged, confidential, and/or otherwise protected from disclosure to anyone other than its intended recipient(s). Any dissemination or use of this electronic email or its contents (including any attachments) by persons other than the intended recipient(s) is strictly prohibited. If you have received this message in error, please notify us immediately by reply email so that we may correct our internal records. Please then delete the original message (including any attachments) in its entirety. Thank you.
