Altangerel,
Do you have a certain port number that the syslog server uses to receive the alert logs from ossec? If so you may want to add <port>****</port>. The **** would equal the port number like 514. Thanks Dennis Carter Business Technology Services 727-464-4527 ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Altangerel Sent: Monday, January 11, 2010 4:08 AM To: [email protected] Subject: [ossec-list] Ossec alert log to syslog server [urgent] Dears, I have a problem on sending ossec alert log to syslog server. I found an article that shows how to configure ossec.conf to send log data to syslog server. Then I configured my ossec.conf file like below: <ossec_config> <global> <email_notification>yes</email_notification> <email_to>xxxxxxxxxxxxxxx</email_to> <smtp_server>xxxxxxxxxxxxx</smtp_server> <email_from>xxxxxxxxx</email_from> </global> <syslog_output> <server>172.30.80.40</server> </syslog_output> Is there any mistake on my configuration? Also, do I need to modify syslog.conf file? Please, help me -- Altangerel Ganbold
