Hi. I've just deployed OSSEC for testing on a VM, and I'm looking to use it for log retention, as well as alerting. I've enabled syslog and logall, and successfully got it alerting and logging from apache logs sent by syslog. But I'm having issues with pfsense.
I've enabled syslog in pfsense, pointing at my ossec installation, but nothing is showing up in the archive logs. tcpdump shows the traffic coming through to the server, as it does with any other syslog traffic, but the logs don't get stored in ossec. Any thoughts? I know of the OSSEC for pfsense module, but I'm installing this as a proof-of-concept and want to make sure that I can get syslog working in case I have a similar issue elsewhere on something other than pfsense. Thanks.
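Seeing packets in tcpdump only proves that datagrams reach the host; it does not prove that each one carries a syslog header a collector will accept. One check worth running on a captured payload is whether the line parses as RFC 3164 ("BSD") or RFC 5424 syslog. The script below is an added example, not code from this post or from OSSEC or pfSense: it parses a handful of constructed sample lines (hostnames, addresses and filterlog fields are made up) against both header shapes, decodes facility and severity from the PRI field, and reports which lines a strict collector would reject.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# RFC 3164 ("BSD syslog"): <PRI>Mmm dd hh:mm:ss host tag[pid]: message
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?:\s?"
    r"(?P<msg>.*)$"
)
# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 "
    r"(?P<ts>\S+) (?P<host>\S+) (?P<tag>\S+) (?P<pid>\S+) (?P<msgid>\S+) "
    r"(?P<msg>.*)$"
)


@dataclass
class SyslogHeader:
    fmt: str       # "rfc3164" or "rfc5424"
    facility: int  # PRI // 8  (16 = local0, 21 = local5, ...)
    severity: int  # PRI % 8   (6 = info, 5 = notice, ...)
    host: str
    tag: str
    msg: str


def parse_syslog(line: str) -> Optional[SyslogHeader]:
    """Return the decoded header, or None if the line has no valid syslog framing."""
    for fmt, pattern in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = pattern.match(line)
        if m:
            pri = int(m.group("pri"))
            # Facility 0-23 and severity 0-7 bound PRI at 23*8+7 = 191.
            if pri > 191:
                return None
            return SyslogHeader(fmt, pri // 8, pri % 8,
                                m.group("host"), m.group("tag"), m.group("msg"))
    return None


def audit(lines: List[str]) -> Tuple[List[SyslogHeader], List[str]]:
    """Split lines into parsed headers and lines a strict collector would reject."""
    ok: List[SyslogHeader] = []
    rejected: List[str] = []
    for line in lines:
        hdr = parse_syslog(line)
        if hdr is None:
            rejected.append(line)
        else:
            ok.append(hdr)
    return ok, rejected


# Constructed sample payloads, as they might be read out of a packet capture.
SAMPLE_LINES = [
    # pfSense-style filterlog entry in RFC 3164 framing (field values constructed)
    "<134>Jan  5 10:22:31 pfsense filterlog: 5,,,1000000103,em0,match,block,in,4,"
    "0x0,,64,0,0,DF,6,tcp,60,198.51.100.7,192.0.2.10,51234,22,0,S",
    # Apache access log relayed by a syslog daemon, RFC 3164 with a pid
    "<174>Jan  5 10:22:32 web01 httpd[2231]: 192.0.2.55 - - \"GET / HTTP/1.1\" 200 512",
    # The same kind of firewall event in RFC 5424 framing
    "<165>1 2024-01-05T10:22:33Z pfsense filterlog - - - 5,,,1000000103,em0,match,pass,in,4",
    # No <PRI> header at all: on the wire but not valid syslog
    "Jan  5 10:22:34 pfsense filterlog: 5,,,1000000103,em0,match,block,in,4",
]

if __name__ == "__main__":
    parsed, bad = audit(SAMPLE_LINES)
    for h in parsed:
        print(f"OK   {h.fmt} fac={h.facility} sev={h.severity} host={h.host} tag={h.tag}")
    for line in bad:
        print(f"DROP no syslog header: {line[:60]}")
```

Run it against real payloads by replacing `SAMPLE_LINES` with lines extracted from the capture (for example `tcpdump -A` output); a line landing in the rejected list explains a silent drop before any collector configuration is touched.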
