Hi all,
I am a bit confused with the remote syslog. It appears that by default
on a server installation the following is defined in ossec.conf:
<remote>
  <connection>syslog</connection>
</remote>
<remote>
  <connection>secure</connection>
</remote>
But with this config, ossec-remoted only listens to 1514 (default
secure) and not 514 (default syslog).
I googled for this in docs.google.com, and I found on page 74 of the
book that for syslog remote connections we must define a list of IPs with
<allowed-ips>.
However, the first time I made a mistake and added the allowed IP
statement within the secure remote section and not the syslog remote
section of ossec.conf.
Where I am confused is that adding an allowed-ips in the secure section
enabled ossec-remoted to listen to the syslog port. Is this not a bug?
I am then worried that if I add allowed-ips with the syslog remote
section, will this impact the secure remote connections?
Thanks
David
http://blog.ombrepixel.com/
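
An added example, not part of the original message and not OSSEC's own code: a small Python check that lists every <remote> block of an ossec.conf with its connection type and allowed-ips entries, so a misplaced allowed-ips like the one described above shows up immediately. The sample configuration and the address 192.0.2.10 are constructed, and audit_remote_blocks is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample reproducing the misplacement described in the message:
# allowed-ips sits in the secure block, the syslog block has none.
SAMPLE_CONF = """
<ossec_config>
  <remote>
    <connection>syslog</connection>
  </remote>
  <remote>
    <connection>secure</connection>
    <allowed-ips>192.0.2.10</allowed-ips>
  </remote>
</ossec_config>
"""

def audit_remote_blocks(conf_text):
    """Return one (index, connection, allowed_ips, finding) tuple per <remote> block."""
    # Wrap the text so a file with several top-level elements still parses.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    results = []
    for index, remote in enumerate(root.iter("remote"), start=1):
        connection = (remote.findtext("connection") or "(unset)").strip()
        allowed = [e.text.strip() for e in remote.findall("allowed-ips") if e.text]
        if connection == "syslog" and not allowed:
            finding = "MISSING: syslog block has no allowed-ips"
        elif connection == "secure" and allowed:
            finding = "CHECK: allowed-ips is in the secure block, was syslog intended?"
        else:
            finding = "ok"
        results.append((index, connection, allowed, finding))
    return results

if __name__ == "__main__":
    for index, connection, allowed, finding in audit_remote_blocks(SAMPLE_CONF):
        print(f"remote #{index}: connection={connection} allowed-ips={allowed} -> {finding}")
```

Comparing this report with the ports ossec-remoted is actually listening on (1514 and 514 in the message) confirms whether each block took effect as written.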