On Sat, Oct 20, 2012 at 6:46 AM, Chris H <[email protected]> wrote: > Hi. > > I've just deployed OSSEC for testing on a VM, and I'm looking to use it for > log retention, as well as alerting. I've enabled syslog and logall, and > successfully got it alerting and logging from apache logs sent by syslog. > But I'm having issues with pfsense. > > I've enabled syslog in pfsense, pointing at my ossec installation, but > nothing is showing up in the archive logs. tcpdump shows the traffic coming > though to the server, as it does with any other syslog traffic, but the logs > don't get stored in ossec. Any thoughts? > > I know of the OSSEC for pfsense module, but I'm installing this as a > proof-of-concept and want to make sure that I can get syslog working in case > I have a similar issue elsewhere on something other than pfsense. > > Thanks.
Did you set the correct PFSense IP in the allowed ips configuration?
