That was a copy-paste error. Sorry about that.

Thanks,
Satish Patel

On Mon, Feb 28, 2011 at 2:36 PM, Tanishk Lakhaani <[email protected]> wrote:
> Hi satish,
> I think there is no need to put
> </Database_output> tag in the ossec.conf. Rest of the configuration seems
> fine.
> Regards
> Tanishk Lakhaani
> Sent from BlackBerry® on Airtel
>
> -----Original Message-----
> From: satish patel <[email protected]>
> Sender: [email protected]
> Date: Mon, 28 Feb 2011 11:09:21
> To: <[email protected]>
> Reply-To: [email protected]
> Cc: Ruta Jn <[email protected]>
> Subject: Re: [ossec-list] no matching events found
>
> I have configured syslog on ossec server to send logs to splunk. I
> have the following configuration in the ossec.conf file on the ossec server.
>
> </database_output>
> <syslog_output>
> <server>127.0.0.1</server>
> <port>10002</port>
> </syslog_output>
>
> Thanks,
>
> Satish Patel
>
> On Mon, Feb 28, 2011 at 9:21 AM, Ruta Jn <[email protected]> wrote:
>> Hi,
>>
>> Can you help with the next question:
>>
>> I have configured ossec server and splunk on the same server.
>> I have also configured ossec agents.
>> I try to login as root on ossec agent with wrong password or I login on
>> ossec server as root with incorrect password, but it is not reported on
>> splunk. When I make a search in real time, I get the message: no matching events
>> found. What is wrong and how to fix it?
>>
>> Regards,
>>
>> John
