I have configured syslog on ossec server to send logs to splunk. I have following configuration on ossec.conf file on ossec server.
</database_output> <syslog_output> <server>127.0.0.1</server> <port>10002</port> </syslog_output> Thanks, Satish Patel On Mon, Feb 28, 2011 at 9:21 AM, Ruta Jn <[email protected]> wrote: > Hi, > > Can you help with next question: > > I have configured ossec server and splunk on the same server. > I have also configured ossec agents. > I try to login as root on ossec agent with wrong password or I login on > ossec server as root with incorrect password,but it is not reported on > splunk,when I make search in real time,I get message:no matching events > found.What is wrong and how to fix it? > > Regards, > > John > >
