I have syslog configured on my OSSEC server and agent. But I don't see
any syslog messages from ossec in any of the logs. My syslog.conf has
these:
*.err;kern.warning;auth.notice;mail.crit /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
daemon.alert /var/log/alert.log
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
ftp.info /var/log/xferlog
cron.* /var/log/cron
This is pretty much the stock values from FreeBSD 6.1.
Things are getting logged into the various ossec logs themselves (under
/var/ossec).
Once I determine my config is correct, I want to start shipping those
syslog messages over the net to another server...
I may end up using syslog-ng at some point.
Thanks.