Hi all,
I have a really strange problem with the ossec-csyslog process on one
server. I have two ossec servers that trigger all alerts to a central
splunk server. From serverA all works OK: ossec-csyslog connects to the
splunk server and sends all alerts to it. But with the other server I
have problems. Both ossec servers are CentOS 6.2 with the same packages
installed and the same configuration (of course with different IPs and
different hostnames). Iptables is disabled on both servers ...
From serverB, I can see an established connection:
[root@ossecsrv02 ~]# netstat -atunp |grep 10015
udp 0 0 192.168.44.3:43130 192.168.44.4:10015 ESTABLISHED 14206/ossec-csyslog
But from splunk server side, nothing appears:
[root@splunksrv init.d]# netstat -atunp |grep 10015
udp 0 0 192.168.44.4:10015 0.0.0.0:* 4773/splunkd
and no alerts from serverB appear in the splunk web interface ...
Any ideas?
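The netstat output above can mislead: for UDP, "ESTABLISHED" only means ossec-csyslog called connect() on its socket, which records the peer address in the kernel without exchanging a single packet. The following added example (not from the poster or from the OSSEC project; the alert text and the 10015 no-listener probe are constructed) shows a connected UDP socket reporting a peer whether or not anything is listening, so the real check is whether datagrams actually arrive, for example with tcpdump on the splunk host.

```python
import socket
import threading

# Constructed sample alert roughly in the shape ossec-csyslog emits (assumption, not real output).
SAMPLE_ALERT = b"<132>ossec: Alert Level: 3; Rule: 1002 - Unknown problem somewhere in the system"


def connected_udp_sender(host, port):
    """Return a UDP socket connect()ed to host:port.

    connect() on a datagram socket only stores the peer address; no packet is
    sent, yet netstat will list the socket as ESTABLISHED from this moment on.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.connect((host, port))
    return s


def start_listener(timeout=2.0):
    """Bind a loopback UDP listener on an ephemeral port and collect one datagram."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(timeout)
    received = []

    def run():
        try:
            data, _ = srv.recvfrom(65535)
            received.append(data)
        except socket.timeout:
            pass  # nothing arrived within the window
        finally:
            srv.close()

    t = threading.Thread(target=run)
    t.start()
    return srv.getsockname()[1], received, t


def probe(payload, port=None):
    """Send payload over a connected UDP socket; report the peer and whether it was delivered.

    With port=None a local listener is started first (the working serverA case).
    With an explicit port no listener is started (the serverB symptom): the
    sender still shows a peer, i.e. ESTABLISHED, but nothing receives the data.
    """
    lport, received, t = (start_listener() if port is None else (port, [], None))
    s = connected_udp_sender("127.0.0.1", lport)
    peer = s.getpeername()          # this is all "ESTABLISHED" proves for UDP
    s.send(payload)                 # succeeds even when no one is listening
    s.close()
    if t is not None:
        t.join()
    return {"peer": peer, "delivered": bool(received)}
```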