Can you show the output of: netstat -an | grep 514

On Fri, Apr 6, 2012 at 15:19, octomeow <[email protected]> wrote:
> rsyslog is listening and I'm getting the email reports
> so I think ossec and syslog is working fine.
>
> I just don't get the alerts logged to the syslog file like it's
> supposed to
>
> is there some other configuration I should be looking at? I'm a
> newbie
>
> On Apr 6, 11:27 am, "dan (ddp)" <[email protected]> wrote:
>> Do the other processes send their alerts via udp to 127.0.0.1:514? Most
>> local apps do not. Make sure syslog is listening.
>> On Apr 6, 2012 2:02 PM, "octomeow" <[email protected]> wrote:
>>
>> > when I restart or there is an alert, it does not go to syslog
>> > but syslog is working since other process use it just fine
>>
>> > On Apr 4, 6:12 pm, "dan (ddp)" <[email protected]> wrote:
>> > > Is rsyslogd listening to 127.0.0.1:514 udp? Are the alerts making it to
>> > > that process?
>> > > On Apr 4, 2012 9:03 PM, "octomeow" <[email protected]> wrote:
>>
>> > > > would like to get ossec logging to standard rsyslog
>>
>> > > > I do a simple
>>
>> > > > <syslog_output>
>> > > > <server>127.0.0.1</server>
>> > > > </syslog_output>
>>
>> > > > # /var/ossec/bin/ossec-control enable client-syslog
>> > > > # /var/ossec/bin/ossec-control start
>>
>> > > > and I see .....
>>
>> > > > Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)...
>> > > > ossec-analysisd: Configuration error. Exiting.
>> > > > Started ossec-csyslogd...
>>
>> > > > but in the logs I don't see
>> > > > "ossec-csyslogd: INFO: Forwarding alerts via syslog to: xxx"
>>
>> > > > please advise

--
Registered Linux User # 379282
