Hi,
I have Splunk and OSSEC installed on the same server. Splunk is running as
root. I have also installed OSSEC agents. When I run a search in Splunk, I see
only 1 host (the OSSEC server). I don't receive reports from the OSSEC clients,
and I get the following error message in Splunk: "received event for
unconfigured/disabled index='_audit' with source='source::audittrail'
host='host::myhostname' sourcetype='sourcetype::audittrail'".
Can you help me fix that problem and get all my reports from the OSSEC
agents?
Regards,
John