On Wed, May 28, 2014 at 1:27 PM, Nick Stephens
<[email protected]> wrote:
> Hello,
>
> I am trying to get a Cisco ASA 5505 to send the logs to OSSEC.
>
> I configured the syslog settings in the Cisco ASDM to use port 514/UDP and
> pointed it to the local OSSEC server.
>
> I also added in the OSSEC server config file:
>
>   <remote>
>     <connection>syslog</connection>
>     <port>514</port>
>     <protocol>udp</protocol>
>   </remote>
>

Did you restart the OSSEC processes on the OSSEC manager? Is remoted
listening on udp 514?

>
> Any reason other than possible firewall blocking that nothing is being
> logged to the firewall.log or archives.log?
>

I don't know what really goes to firewall.log, so if you are running a
firewall on your OSSEC system, check the actual firewall logs. Use
tcpdump to see if the log messages are making it to the OSSEC manager.
archives.log is only populated if you have the log all option turned
on. Is it?

>
> Thanks in advance.
>
> Nick
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.

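The checks asked for in the reply above (is the `<remote>` syslog block in place, is anything bound to UDP 514, is the log-all option on), written out as an added example that is not part of the original thread or of OSSEC itself. The function names and sample data are constructed, `<logall>` is the OSSEC setting the reply calls "log all", and `/var/ossec/etc/ossec.conf` is assumed to be the install's config path.

```shell
#!/bin/sh
# Added example, not OSSEC code. Function names and sample data are assumptions.
# Succeeds if FILE has a <remote> block with connection=syslog, PORT and PROTO.
conf_has_syslog_remote() {  # FILE PORT PROTO
    awk -v port="$2" -v proto="$3" '
        /<remote>/ { inblk = 1; c = 0; p = 0; r = 0 }
        inblk && /<connection>[ \t]*syslog[ \t]*<\/connection>/ { c = 1 }
        inblk && $0 ~ ("<port>[ \t]*" port "[ \t]*</port>") { p = 1 }
        inblk && $0 ~ ("<protocol>[ \t]*" proto "[ \t]*</protocol>") { r = 1 }
        /<\/remote>/ { if (inblk && c && p && r) found = 1; inblk = 0 }
        END { exit(found ? 0 : 1) }' "$1"
}

# Succeeds if FILE enables logall, the setting that makes OSSEC write archives.log.
conf_logall_enabled() {  # FILE
    grep -Eq '<logall>[[:space:]]*yes[[:space:]]*</logall>' "$1"
}

# Succeeds if the `ss -lun` output on stdin shows a socket bound to PORT.
udp_listening() {  # PORT
    awk -v p=":$1" '
        { for (i = 1; i <= NF; i++) if (substr($i, length($i) - length(p) + 1) == p) ok = 1 }
        END { exit(ok ? 0 : 1) }'
}

# Prints one line per check; the return status is the number of failed checks.
diagnose() {  # CONF SOCKET_LISTING_FILE
    fails=0
    if conf_has_syslog_remote "$1" 514 udp; then echo "ok   <remote> syslog udp/514 configured"
    else echo "FAIL no <remote> syslog block for udp/514"; fails=$((fails + 1)); fi
    if udp_listening 514 < "$2"; then echo "ok   a socket is bound to udp/514"
    else echo "FAIL nothing bound to udp/514; restart OSSEC and re-check"; fails=$((fails + 1)); fi
    if conf_logall_enabled "$1"; then echo "ok   logall is on; archives.log is written"
    else echo "FAIL logall is off; archives.log stays empty"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample: the thread's <remote> block, no logall, only port 1514 bound.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '<ossec_config>' ' <remote>' '  <connection>syslog</connection>' \
        '  <port>514</port>' '  <protocol>udp</protocol>' ' </remote>' '</ossec_config>' > "$d/ossec.conf"
    printf '%s\n' 'UNCONN 0 0 0.0.0.0:1514 0.0.0.0:*' > "$d/ss.txt"
    diagnose "$d/ossec.conf" "$d/ss.txt"; rc=$?
    rm -rf "$d"; return "$rc"
}
# Live use: ss -lun > /tmp/ss.txt; diagnose /var/ossec/etc/ossec.conf /tmp/ss.txt
# Every check passes but still no logs? Look on the wire: tcpdump -ni any udp port 514
demo || echo "$? check(s) failed on the constructed sample"
```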