Do the other processes send their alerts via UDP to 127.0.0.1:514? Most local apps do not. Make sure syslog is listening.

On Apr 6, 2012 2:02 PM, "octomeow" <[email protected]> wrote:
> when I restart or there is an alert, it does not go to syslog
> but syslog is working since other processes use it just fine
>
> On Apr 4, 6:12 pm, "dan (ddp)" <[email protected]> wrote:
> > Is rsyslogd listening to 127.0.0.1:514 udp? Are the alerts making it to
> > that process?
> > On Apr 4, 2012 9:03 PM, "octomeow" <[email protected]> wrote:
> > >
> > > would like to get ossec logging to standard rsyslog
> > >
> > > I do a simple
> > >
> > > <syslog_output>
> > > <server>127.0.0.1</server>
> > > </syslog_output>
> > >
> > > # /var/ossec/bin/ossec-control enable client-syslog
> > > # /var/ossec/bin/ossec-control start
> > >
> > > and I see .....
> > >
> > > Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)...
> > > ossec-analysisd: Configuration error. Exiting.
> > > Started ossec-csyslogd...
> > >
> > > but in the logs I don't see
> > > "ossec-csyslogd: INFO: Forwarding alerts via syslog to: xxx"
> > >
> > > please advise
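
One way to run the check asked for in this thread (is anything bound to UDP port 514 where a datagram sent to 127.0.0.1 would reach it?), as an added example that is not part of the original messages. It assumes a little-endian Linux host exposing `/proc/net/udp`; the function names and the sample table are constructed for illustration.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/udp layout (not output from the poster's host).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:0202 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 15321 2 0000000000000000 0
  215: 0100007F:0143 00000000:0000 07 00000000:00000000 00:00000000 00000000   104        0 18877 2 0000000000000000 0
"""


def parse_udp_sockets(text):
    """Return [(ip, port), ...] for each local UDP socket in /proc/net/udp text."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows look like "101: 00000000:0202 ..."; skip the header and blanks.
        if len(fields) < 2 or not fields[0].endswith(":") or ":" not in fields[1]:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # Assumption: little-endian host, so 127.0.0.1 is printed as 0100007F.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        sockets.append((ip, int(hex_port, 16)))
    return sockets


def accepts_from_loopback(sockets, port=514):
    """True if a socket is bound to the port on 127.0.0.1 or the wildcard address."""
    return any(p == port and ip in ("0.0.0.0", "127.0.0.1") for ip, p in sockets)


if __name__ == "__main__":
    path = "/proc/net/udp"
    if os.path.exists(path):
        with open(path) as fh:
            table = fh.read()
    else:
        table = SAMPLE_PROC_NET_UDP  # fall back to the constructed sample
    socks = parse_udp_sockets(table)
    if accepts_from_loopback(socks):
        print("UDP 514 is bound; the syslog daemon can receive on 127.0.0.1")
    else:
        print("nothing bound to UDP 514; enable the syslog daemon's UDP input")
```

A bound socket only shows that something is listening; the socket's inode column can be matched against `/proc/<pid>/fd` to confirm the owner is rsyslogd.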
