> Try reverting the configuration to how it was before you made the changes.
Before, my syslog was configured for local files /var/log/*
But my requirement is Splunk + OSSEC

OS: Red Hat Enterprise Linux AS release 4 (Nahant Update 8)
syslogd 1.4.1

Thanks,
Satish Patel

On Mon, Feb 28, 2011 at 4:04 PM, dan (ddp) <[email protected]> wrote:
> Try reverting the configuration to how it was before you made the changes.
> If you need help with that, maybe providing some of this info could
> help someone provide the correct info:
> What OS/distro?
> What syslog daemon (version and implementation)?
>
> On Mon, Feb 28, 2011 at 3:57 PM, satish patel <[email protected]> wrote:
>> Hi Dan,
>>
>> I have the following line in my syslog.conf (send all messages to
>> logserver1, which is Splunk)
>>
>> *.* @logserver1
>>
>> I have checked my /var/log/messages and /var/log/secure and it looks like
>> syslog has stopped appending logs to the local files. How do I enable it?
>> I want both options, local and remote syslog.
>>
>> -Satish
>>
>> On Mon, Feb 28, 2011 at 2:36 PM, dan (ddp) <[email protected]> wrote:
>>> Hi Satish,
>>> Do these systems log to both a local file and a remote syslog system?
>>> If so, they can easily parse the local log files without issues.
>>> I have a number of systems set up this way.
>>>
>>> On Thu, Feb 24, 2011 at 3:34 PM, satish patel <[email protected]> wrote:
>>>> Hi All,
>>>>
>>>> In our network we have a Splunk centralized log server for all
>>>> Linux/Unix boxes. We have configured syslog to send all logs to Splunk.
>>>> Now I am planning to install OSSEC on all Unix/Linux boxes, so the question
>>>> is how the OSSEC agent will parse log files while those boxes are sending
>>>> logs to the Splunk server via syslog?
>>>>
>>>> How do I configure Splunk vs OSSEC log monitoring?
>>>>
>>>> -Satish
>>>>
>>>
>>
>
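
A check for the setup discussed in this thread, as an added example that is not part of any message above: it reports which local log files a sysklogd-style syslog.conf no longer writes (the files an OSSEC agent would read) and which remote hosts it forwards to. The function names and both sample configs are constructed; the local rules in the second sample are assumed Red Hat-style defaults, since the thread does not show the original file.

```shell
#!/bin/sh
# Added example: verify that syslog.conf keeps local files (read by the
# OSSEC agent) while also forwarding to a remote collector such as Splunk.

# Print each log file from the argument list that no active rule writes to.
missing_local_logs() {
    conf=$1; shift
    for f in "$@"; do
        # The action is the last field; sysklogd allows a leading "-" (no sync).
        awk -v want="$f" '
            /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
            { a = $NF; sub(/^-/, "", a); if (a == want) found = 1 }
            END { exit found ? 0 : 1 }
        ' "$conf" || echo "$f"
    done
}

# Print the remote hosts ("@host" actions) the config forwards to.
remote_targets() {
    awk '/^[ \t]*(#|$)/ { next } $NF ~ /^@/ { print substr($NF, 2) }' "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample: the forward-only config described in the thread.
cat > "$tmp/remote_only.conf" <<'EOF'
*.*    @logserver1
EOF

# Constructed sample: local rules (assumed defaults) plus the same forward.
cat > "$tmp/both.conf" <<'EOF'
# local files, read by the OSSEC agent
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
# copy of everything to the central log server
*.*                                         @logserver1
EOF

for c in "$tmp/remote_only.conf" "$tmp/both.conf"; do
    echo "$c: remote=$(remote_targets "$c")" \
         "missing=$(missing_local_logs "$c" /var/log/messages /var/log/secure | tr '\n' ' ')"
done
```

syslogd only rereads its configuration after a reload or restart, so run the check against the file and then confirm new entries actually appear in the local logs.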
