I am having trouble configuring syslog-ng.conf on my ossec server (SUSE Linux Enterprise 11) so I can see HP switch logs. The logs are not showing up in /var/log/messages, which would then be analyzed by ossec. The switches have been configured for logging and to use the IP address of the ossec server. I am also running HP Network Automation and Network Node Manager which may be parsing the logs before being captured in messages. Do I also need to change something in ossec.conf?
Also, does anyone have a rule set for HP ProCurve switches, and for 3COM switches (bought by HP). John Walker
