On Mon, Dec 28, 2009 at 10:17 AM, Jeff Turley <[email protected]> wrote:
> I am confused as to how OSSEC listening on port 514 works. When I
> installed OSSEC I said yes when the installer asked if I wanted OSSEC to
> listen on port 514. However, I also have syslog-ng installed and listening
> on port 514. I do not have any devices configured as syslog devices in the
> ossec.conf file. When I configure a device to log to syslog and point it to
> the OSSEC server, the device's logs are read into the /var/log/messages file.
> For example, if I use the web interface to search for log messages from my
> firewall, the location is displayed as:
> (Firewall IP)->/var/log/messages. Is this the best way to do this? Should
> I disable remote syslog on the ossec server and configure each device in the
> ossec.conf file as a syslog device? If I disable remote syslog on the ossec
> server, will the ossec processes automatically start to listen on port 514?
>
> Thanks
> Jeff Turley

OSSEC doesn't listen on 514; your syslog server (syslog-ng) does. OSSEC listens on 1514 if you set it up to use secure communication.
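
An added example, not part of the original thread and not OSSEC's own code: a small Python check that reads the `<remote>` blocks of an ossec.conf and reports which protocol and port each one would bind, so a clash with another daemon such as syslog-ng is visible before restarting. The sample config, the `ports_in_use` mapping and the function names are constructed for illustration; the defaults used (secure on 1514/udp, syslog on 514/udp) are assumed to match ossec-remoted's documented defaults.

```python
import xml.etree.ElementTree as ET

# Assumed ossec-remoted defaults when <port>/<protocol> are omitted.
DEFAULT_PORT = {"secure": 1514, "syslog": 514}

# Constructed sample config (not from the thread).
SAMPLE_CONF = """
<ossec_config>
  <remote>
    <connection>syslog</connection>
    <allowed-ips>192.0.2.1</allowed-ips>
  </remote>
  <remote>
    <connection>secure</connection>
  </remote>
</ossec_config>
"""

def remote_listeners(conf_text):
    """Return one (connection, protocol, port, allowed_ips) tuple per <remote> block."""
    # ossec.conf may contain several <ossec_config> roots, so wrap it before parsing.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    listeners = []
    for remote in root.iter("remote"):
        conn = (remote.findtext("connection") or "secure").strip()
        proto = (remote.findtext("protocol") or "udp").strip()
        port = int(remote.findtext("port") or DEFAULT_PORT.get(conn, 1514))
        allowed = [e.text.strip() for e in remote.findall("allowed-ips") if e.text]
        listeners.append((conn, proto, port, allowed))
    return listeners

def port_clashes(listeners, ports_in_use):
    """List listeners whose (protocol, port) is already held by another daemon."""
    return [(conn, proto, port, ports_in_use[(proto, port)])
            for conn, proto, port, _ in listeners
            if (proto, port) in ports_in_use]

if __name__ == "__main__":
    # Constructed: syslog-ng already bound to UDP 514, as in the question.
    in_use = {("udp", 514): "syslog-ng"}
    for item in remote_listeners(SAMPLE_CONF):
        print("configured:", item)
    for clash in port_clashes(remote_listeners(SAMPLE_CONF), in_use):
        print("clash:", clash)
```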
