Try reverting the configuration to how it was before you made the changes. If you need help with that, maybe providing some of this info could help someone provide the correct info: What OS/distro? What syslog daemon (version and implementation)?
On Mon, Feb 28, 2011 at 3:57 PM, satish patel <[email protected]> wrote:
> Hi Dan,
>
> I have the following line in my syslog.conf (send all messages to
> logserver1, which is splunk)
>
> *.* @logserver1
>
> I have checked my /var/log/messages and /var/log/secure and it looks like
> syslog had stopped appending logs to the local files. How do I enable it?
> I want both options, local and remote syslog.
>
> -Satish
>
> On Mon, Feb 28, 2011 at 2:36 PM, dan (ddp) <[email protected]> wrote:
>> Hi Satish,
>> Do these systems log to both a local file and a remote syslog system?
>> If so, they can easily parse the local log files without issues.
>> I have a number of systems set up this way.
>>
>> On Thu, Feb 24, 2011 at 3:34 PM, satish patel <[email protected]> wrote:
>>> Hi All,
>>>
>>> In our network we have a splunk centralized log server for all
>>> Linux/Unix boxes. We have configured syslog to send all logs to Splunk.
>>> Now I am planning to install OSSEC on all Unix/Linux boxes, so the question
>>> is how will the ossec agent parse log files while those boxes are sending logs
>>> to the splunk server via syslog?
>>>
>>> How do I configure splunk vs ossec log monitoring?
>>>
>>> -Satish
