Hi All, When using the syslog output, is it possible to send the output to two different syslog servers?
This is what I have in our server's ossec.conf:

    <syslog_output>
      <server>192.168.246.96</server>
      <port>514</port>
    </syslog_output>

    <!-- Splunk -->
    <syslog_output>
      <server>172.27.146.15</server>
      <port>10009</port>
    </syslog_output>

I ran tcpdump to capture the syslog output using this command:

    tcpdump -tttt -w /tmp/ossec_3.pcap -i eth0 port 514 or port 10009

However, the only data captured was for port 514. Can only one <syslog_output> be used? Or is there something else I need to do?

Thanks,
Patrick Swartz
