Hi,
I set up the following architecture:
external agent --ossec--> external manager --syslog--> central manager
<--ossec-- internal agent
External agents send alerts to the external manager (10.0.0.2) via the
ossec protocol, and the external manager retransmits these alerts via
syslog to the central manager (10.0.0.1).
Agents in the internal network send alerts directly to the central
manager via the ossec protocol.
In ossec.conf of the external manager I have:
<syslog_output>
<server>10.0.0.1</server>
<port>1515</port>
</syslog_output>
In ossec.conf of the central manager is:
<remote>
<connection>syslog</connection>
<port>1515</port>
<allowed-ips>10.0.0.2/32</allowed-ips>
</remote>
Cheers,
Jakub
On 12 Jan, 02:15, Altangerel <[email protected]> wrote:
> On 1/12/2010 12:20 AM, Carter, Dennis A wrote:
>
> > Altangerel,
>
> > Do you have a certain port number that the syslog server uses to
> > receive the alert logs from ossec? If so you may want to add
> > <port>****</port>. The **** would equal the port number like 514.
>
> > Thanks
>
> > Dennis Carter
>
> > Business Technology Services
>
> > 727-464-4527
>
> Thanks guys,
>
> I added the port number that is used by the syslog server. Also enabled
> client-syslog, but it cannot send the alert log to the syslog server. Is there
> anyone who can send the ossec alert log via syslog?
> Please, help me.
>
> I've installed Ossec on FreeBSD 8.0 where syslogd is running.
>
> --
> Altangerel Ganbold
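
A consistency check for the forwarding setup in Jakub's message, as an added example that is not part of the original thread: it compares the sender's `<syslog_output>` with the receiver's `<remote>` block and reports a port mismatch or a sender address not covered by `<allowed-ips>`. The function names, the wrapping `<root>` element and the fallback to port 514 when `<port>` is omitted are assumptions of this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Fragments as posted in the message above (the sender is 10.0.0.2).
EXTERNAL_MANAGER = """
<syslog_output>
  <server>10.0.0.1</server>
  <port>1515</port>
</syslog_output>
"""
CENTRAL_MANAGER = """
<remote>
  <connection>syslog</connection>
  <port>1515</port>
  <allowed-ips>10.0.0.2/32</allowed-ips>
</remote>
"""
DEFAULT_SYSLOG_PORT = "514"  # assumed default when <port> is omitted


def _parse(fragment):
    # ossec.conf may hold several top-level blocks, so wrap it in one root.
    return ET.fromstring("<root>" + fragment + "</root>")


def check_forwarding(sender_conf, receiver_conf, sender_ip, receiver_ip):
    """Return a list of mismatches between syslog_output and remote blocks."""
    problems = []
    outputs = [o for o in _parse(sender_conf).iter("syslog_output")
               if (o.findtext("server") or "").strip() == receiver_ip]
    if not outputs:
        return ["sender has no <syslog_output> pointing at " + receiver_ip]
    listeners = [r for r in _parse(receiver_conf).iter("remote")
                 if (r.findtext("connection") or "").strip() == "syslog"]
    if not listeners:
        return ["receiver has no <remote> block with <connection>syslog"]
    src = ipaddress.ip_address(sender_ip)
    for out in outputs:
        port = (out.findtext("port") or DEFAULT_SYSLOG_PORT).strip()
        same_port = [r for r in listeners
                     if (r.findtext("port") or DEFAULT_SYSLOG_PORT).strip() == port]
        if not same_port:
            problems.append("no syslog listener on port " + port)
            continue
        allowed = [ipaddress.ip_network(a.text.strip(), strict=False)
                   for r in same_port for a in r.findall("allowed-ips")]
        if not any(src in net for net in allowed):
            problems.append(sender_ip + " not covered by <allowed-ips> on port " + port)
    return problems
```

An empty list means the two fragments agree on destination, port and allowed sender; it does not show that packets actually arrive, which still depends on firewalls and on the daemons having been restarted after the change.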