Set up a new Splunk input, a UDP listener on a different port (like UDP 2514)

In syslog.conf,

*.*      @server1:2514

Restart Splunk and syslog


-----Original Message-----
From: satish patel <[email protected]>
Sender: [email protected]
Date: Mon, 28 Feb 2011 15:57:39 
To: <[email protected]>
Reply-To: [email protected]
Subject: Re: [ossec-list] OSSEC syslog check

Hi Dan,

I have the following line in my syslog.conf (send all messages to
logserver1, which is Splunk)

*.*                                                      @logserver1


I have checked my /var/log/messages and /var/log/secure and it looks like
syslog had stopped appending logs to the local file. How do I enable it?
I want both options, local and remote syslog.

-Satish





On Mon, Feb 28, 2011 at 2:36 PM, dan (ddp) <[email protected]> wrote:
> Hi Satish,
> Do these systems log to both a local file and a remote syslog system?
> If so, they can easily parse the local log files without issues.
> I have a number of systems set up this way.
>
> On Thu, Feb 24, 2011 at 3:34 PM, satish patel <[email protected]> wrote:
>> Hi All,
>>
>> In our network we have a Splunk centralized log server for all
>> Linux/Unix boxes. We have configured syslog to send all logs to Splunk.
>> Now I am planning to install OSSEC on all Unix/Linux boxes, so the question
>> is how the OSSEC agent will parse log files while those boxes are sending logs
>> to the Splunk server via syslog?
>>
>> How do I configure Splunk vs OSSEC log monitoring?
>>
>> -Satish
>>
>
