Hi satish,

I think there is no need to put </Database_output> tag in the ossec.conf. Rest of the configuration seems fine.

Regards
Tanishk Lakhaani
Sent from BlackBerry® on Airtel
-----Original Message-----
From: satish patel <[email protected]>
Sender: [email protected]
Date: Mon, 28 Feb 2011 11:09:21
To: <[email protected]>
Reply-To: [email protected]
Cc: Ruta Jn<[email protected]>
Subject: Re: [ossec-list] no matching events found

I have configured syslog on ossec server to send logs to splunk. I have following configuration on ossec.conf file on ossec server.

</database_output>
<syslog_output>
  <server>127.0.0.1</server>
  <port>10002</port>
</syslog_output>

Thanks,
Satish Patel

On Mon, Feb 28, 2011 at 9:21 AM, Ruta Jn <[email protected]> wrote:
> Hi,
>
> Can you help with next question:
>
> I have configured ossec server and splunk on the same server.
> I have also configured ossec agents.
> I try to login as root on ossec agent with wrong password or I login on
> ossec server as root with incorrect password, but it is not reported on
> splunk, when I make search in real time, I get message: no matching events
> found. What is wrong and how to fix it?
>
> Regards,
>
> John
