Hello, I have just upgraded from 2.5.1 to 2.6 and I no longer get remote
syslog messages in the logs (all was working before the upgrade). I wanted
to get on the latest stable version and keep it up-to-date.
Here is a portion of my ossec.conf:
<remote>
  <connection>syslog</connection>
  <allowed-ips>0.0.0.0/0</allowed-ips>
</remote>
<remote>
  <connection>secure</connection>
</remote>
<alerts>
  <log_alert_level>1</log_alert_level>
  <email_alert_level>7</email_alert_level>
</alerts>
<localfile>
  <log_format>syslog</log_format>
  <location>/var/log/secure.log</location>
</localfile>
<localfile>
  <log_format>syslog</log_format>
  <location>/var/log/system.log</location>
</localfile>
Netstat/lsof/ps shows that ossec-remoted has the connection open. I *am*
getting local syslog information, just not remote.
I inherited this ossec installation and am not all that familiar with it,
but I have read the manual and studied all of the config entries -- but I'm
not sure where to look now.
Can someone help me get this going again?
Thanks,
Scott