Hi Dale,

On Unix (and any operating system), when a process is listening on a specific port, no other process is allowed to use it. So, if you have ossec listening on port 514, splunk is not going to be able to use it.

What you can do is disable remote syslog on ossec, enable your syslog server to receive remote messages and configure ossec and splunk to read from the files directly.

Hope it helps.

--
Daniel B. Cid
dcid ( at ) ossec.net

On 4/2/07, List Subscriptions <[EMAIL PROTECTED]> wrote:
> I'm running both ossec and splunk and want both to have access to syslog sources but it seems that splunk doesn't have access. Does ossec take exclusive use of port 514?
>
> Regards,
> Dale
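The port conflict and the file-based workaround discussed in this thread, as an added example that is not part of the original messages and is not ossec or splunk code. It assumes an unprivileged loopback UDP port instead of 514 and default socket options; the function names are hypothetical.

```python
import errno
import socket
import tempfile


def second_bind_errno():
    """Bind a UDP socket, then try a second bind on the same address and port.

    Returns the errno of the second bind, or None if it succeeded.
    """
    first = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        first.bind(("127.0.0.1", 0))          # 0 = kernel picks a free port
        second.bind(first.getsockname())      # same port, default options
        return None
    except OSError as exc:
        return exc.errno
    finally:
        first.close()
        second.close()


def receive_to_file(messages, log_path):
    """Single receiver: owns the socket and appends each datagram to a file."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        with open(log_path, "ab") as log:
            for msg in messages:
                tx.sendto(msg, rx.getsockname())
                log.write(rx.recv(2048) + b"\n")
    finally:
        rx.close()
        tx.close()


def read_log(log_path):
    """A consumer that reads the shared file instead of the socket."""
    with open(log_path, "rb") as log:
        return log.read().splitlines()


if __name__ == "__main__":
    print("second bind errno:", errno.errorcode.get(second_bind_errno()))
    sample = [b"<13>Apr  2 10:00:00 host1 sshd[1]: constructed sample line"]
    with tempfile.NamedTemporaryFile() as tmp:
        receive_to_file(sample, tmp.name)
        print(read_log(tmp.name), read_log(tmp.name))
```

Here `receive_to_file` stands in for the syslog server and the two `read_log` calls stand in for the two tools reading the same file.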
