I've done a ton of searching and I can't believe I am the only one with this question but:
How can I enable OSSEC to receive and parse both my agent messages (secure, udp 1514) and my firewall IOS messages (syslog, udp 514)?

If I enable IOS logging:

    <remote>syslog</remote> ....

I can receive IOS messages just fine, but not agent messages.

If I enable agent logging:

    <remote>secure</remote>

I can receive agent messages, but not IOS.

I have attempted to set logging on IOS to 1514

    logging host internal <host> udp 1514

and tcpdump shows messages arriving, but OSSEC seems to be ignoring them.

I'm guessing that I can do a bandaid where I syslog my IOS messages to a server and then feed those logs into OSSEC and if that's the only way to do it, that's fine. I'd just like to know if I am missing something here.

Thanks!
Jay
