Is rsyslogd listening to 127.0.0.1:514 udp? Are the alerts making it to that process?

On Apr 4, 2012 9:03 PM, "octomeow" <[email protected]> wrote:
> would like to get ossec logging to standard rsyslog
>
> I do a simple
>
> <syslog_output>
> <server>127.0.0.1</server>
> </syslog_output>
>
> # /var/ossec/bin/ossec-control enable client-syslog
> # /var/ossec/bin/ossec-control start
>
> and I see .....
>
> Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)...
> ossec-analysisd: Configuration error. Exiting.
> Started ossec-csyslogd...
>
> but in the logs I don't see
> "ossec-csyslogd: INFO: Forwarding alerts via syslog to: xxx"
>
> please advise
>
