On Thu, Jun 21, 2012 at 3:21 PM, Eric Jacobs <[email protected]> wrote: > Splunk guy says ossec hasn't been sending anything to splunk for a while. > Nothing in ossec's config has changed. Is there a log anywhere that can show > me what's happening with the "syslog" parameter? > > -- > Eric Jacobs > Thomas Publishing Company > Infrastructure and operations > Information Technology Group > Phone: 215-494-7312 > Email: [email protected] >
/var/ossec/logs/ossec.log? Is ossec-csyslogd still running?
