I am trying to set up Cisco syslog with OSSEC. The ossec.conf file has a remote section:

<remote>
  <connection>syslog</connection>
  <allowed-ips>ip address</allowed-ips>
</remote>

If I run netstat -anp | grep 514, I see both 514 and 1514 are listening for UDP connections and ossec-remoted has opened the ports. I ran a tcpdump on my server listening to port 514 and I see the router send over a local7.notice syslog entry, but I cannot find it in either my /var/log/syslog or /var/ossec/logs/archive (I put the log-all statement in the ossec.conf global section).

Do I need to make a change to my rsyslog config to accept and log the *.notice? Rsyslog isn't running, since ossec-remoted can't open port 514 when it is.

The server is Ubuntu 12.04 and OSSEC is 2.7.1.

Sorry for the long email, but any guidance would be appreciated. Thank you.
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
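The post shows ossec-remoted listening and the router's datagram arriving on the wire, which leaves the admission step in between: ossec-remoted only accepts a syslog message when the sender's source address matches an <allowed-ips> entry of a syslog <remote> block on that port and protocol, and a non-matching sender is dropped with a "Message from '...' not allowed" warning in /var/ossec/logs/ossec.log rather than written to the archive. The script below is an added example, not code from the post or from the OSSEC project: it parses a constructed ossec.conf fragment (documentation addresses, not the poster's router) and re-implements that allowed-ips check so the configuration can be tested against a given sender IP and port before looking further at rsyslog. The default ports (514 for syslog, 1514 for the agent channel) and the udp default are OSSEC's; the matching logic itself is a simplified model of ossec-remoted, not its code.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed ossec.conf fragment for this example; it is not the poster's
# file. Addresses are documentation ranges (RFC 5737).
SAMPLE_OSSEC_CONF = """
<ossec_config>
  <global>
    <logall>yes</logall>
  </global>
  <remote>
    <connection>syslog</connection>
    <port>514</port>
    <protocol>udp</protocol>
    <allowed-ips>192.0.2.1</allowed-ips>
    <allowed-ips>198.51.100.0/24</allowed-ips>
  </remote>
  <remote>
    <connection>secure</connection>
    <port>1514</port>
  </remote>
</ossec_config>
"""

# OSSEC defaults when <port> is omitted: 514 for syslog, 1514 for agents.
DEFAULT_PORT = {"syslog": 514, "secure": 1514}


def parse_ossec_conf(text):
    """Return (logall_enabled, listeners) from an ossec.conf body.

    ossec.conf may hold several top-level <ossec_config> elements, so the
    text is wrapped in a dummy root to make it well-formed XML.
    """
    root = ET.fromstring("<root>" + text + "</root>")
    logall = (root.findtext("./ossec_config/global/logall") or "no").strip() == "yes"
    listeners = []
    for remote in root.iter("remote"):
        conn = (remote.findtext("connection") or "").strip()
        port = int(remote.findtext("port") or DEFAULT_PORT.get(conn, 1514))
        proto = (remote.findtext("protocol") or "udp").strip().lower()
        # allowed-ips entries may be a single host or a CIDR network.
        nets = [ipaddress.ip_network(e.text.strip(), strict=False)
                for e in remote.findall("allowed-ips") if e.text]
        listeners.append({"connection": conn, "port": port,
                          "protocol": proto, "allowed": nets})
    return logall, listeners


def sender_allowed(listeners, src_ip, dst_port, protocol="udp"):
    """Model ossec-remoted's admission check for one syslog datagram.

    Returns (True, reason) when a syslog listener on dst_port/protocol has an
    allowed-ips entry covering src_ip, otherwise (False, reason). allowed-ips
    applies to syslog listeners only; the agent channel is keyed instead.
    """
    ip = ipaddress.ip_address(src_ip)
    for lst in listeners:
        if (lst["connection"] != "syslog" or lst["port"] != dst_port
                or lst["protocol"] != protocol):
            continue
        if not lst["allowed"]:
            return False, "syslog listener on %d has no allowed-ips" % dst_port
        for net in lst["allowed"]:
            if ip in net:
                return True, "%s matches allowed-ips %s" % (src_ip, net)
        return False, "%s not in allowed-ips of listener on %d" % (src_ip, dst_port)
    return False, "no syslog listener on %s/%d" % (protocol, dst_port)


if __name__ == "__main__":
    logall, listeners = parse_ossec_conf(SAMPLE_OSSEC_CONF)
    print("logall enabled:", logall)
    for src in ("198.51.100.7", "203.0.113.9"):
        print(src, "->", sender_allowed(listeners, src, 514))
```

To check a real deployment, read /var/ossec/etc/ossec.conf into parse_ossec_conf and call sender_allowed with the source address tcpdump showed for the router and the destination port it used; a False result explains an empty archive without involving rsyslog at all, and the matching "not allowed" warning should be visible in ossec.log. Keeping allowed-ips as narrow as the actual senders is also the control that stops arbitrary hosts from injecting syslog into the collector.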
