dan (ddp) wrote:
> On Thu, Oct 29, 2009 at 7:44 AM, Holger Gläß <[email protected]> wrote:
>
>> hi
>>
>> i run syslog-ng as main syslog server and i hope that i can migrate this
>> one to ossec.
>>
>> holger
>>
>>
>
> It might just work. Have you tried it? I haven't messed with syslog-ng
> much, so I
> can't help with the config without reading the documentation.
>
hi
yes i did , forward from my snort sensor system via syslog udp the
messages to the
ossec syslog listen ip but nothing happend.
my ossec config part of syslog looks
<remote>
<connection>syslog</connection>
<local_ip>10.90.1.67</local_ip>
<port>514</port>
<allowed-ips>127.0.0.1</allowed-ips>
<allowed-ips>10.90.1.0/24</allowed-ips>
</remote>
hm, maybe that i miss understood the syslog part of ossec.
i thinks that the ossec syslog server is an replacement for syslog-ng as
example.
holger
