Hi,

you also need to enable syslog output on your ossec server:

#/var/ossec/bin/ossec-control enable client-syslog
#/var/ossec/bin/ossec-control restart

as found here: http://www.ossec.net/main/splunk-ossec-integration

Cheers,
Wim

On Mon, Jan 11, 2010 at 10:07 AM, Altangerel <[email protected]> wrote:
> Dears,
>
> I have a problem on sending ossec alert log to syslog server. I found an
> article that shows how to configure ossec.conf to send log data to syslog
> server.
> Then I configured my ossec.conf file like below:
>
> <ossec_config>
>   <global>
>     <email_notification>yes</email_notification>
>     <email_to>xxxxxxxxxxxxxxx</email_to>
>     <smtp_server>xxxxxxxxxxxxx</smtp_server>
>     <email_from>xxxxxxxxx</email_from>
>   </global>
>   <syslog_output>
>     <server>172.30.80.40</server>
>   </syslog_output>
>
> Is there any mistake on my configuration? Also, do I need to modify
> syslog.conf file?
> Please, help me
>
> --
> Altangerel Ganbold
>

--
Wim Remes
Security Afficionado
