Where are you getting this error? I meant in the Splunk search results?
I have Splunk with the OSSEC management server running on the same box and
everything works fine. There is a setting in the OSSEC apps to run a script
to collect agent info.
On Feb 28, 2011, at 4:52 AM, Ruta Jn <[email protected]> wrote:
Hi,
I have Splunk and OSSEC installed on the same server. Splunk is
running as root. I have installed OSSEC agents as well. When I run a
search in Splunk, I see only 1 host (the OSSEC server). I don't receive
reports from the OSSEC clients, and I get the following error
message in Splunk: "received event for unconfigured/disabled index='_audit'
with source='source::audittrail' host='host::myhostname'
sourcetype='sourcetype::audittrail'".
Can you help me fix that problem and get all my reports
from the OSSEC agents?
Regards,
John