> Did you restart the OSSEC processes on the OSSEC manager? Is remoted 
> listening on udp 514?

Discovered Remoted was only listening on 1514 and not 514 after using the 
netstat command (and confirmed the syslog was in fact producing logs via 3rd 
party monitor).
I must have made a grammatical error in the ossec.config because after I 
retyped the <remote>....</remote> info, remoted was then listening on 514 and 
the firewall.log is now filling with CiscoASA syslog information! (if that makes 
sense)


I appreciate you taking the time to help,
Thanks Again

Nick



-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of dan (ddp)
Sent: Wednesday, May 28, 2014 2:12 PM
To: [email protected]
Subject: Re: [ossec-list] Cisco ASA 5505 Syslog

On Wed, May 28, 2014 at 1:27 PM, Nick Stephens <[email protected]> 
wrote:
> Hello,
>
>
>
> I am trying to get a Cisco ASA 5505 to send the logs to OSSEC.
>
>
>
> I configured the syslog settings in the Cisco ASDM to use port 514/UDP 
> and pointed it to the local OSSEC server.
>
>
>
> I also added in the OSSEC server config file:
>
>   <remote>
>
>     <connection>syslog</connection>
>
>     <port>514</port>
>
>     <protocol>udp</protocol>
>
>   </remote>
>

Did you restart the OSSEC processes on the OSSEC manager? Is remoted listening 
on udp 514?

>
>
> Any reason other than possible firewall blocking that nothing is being 
> logged to the firewall.log or archives.log?
>

I don't know what really goes to firewall.log, so if you are running a firewall 
on your OSSEC system, check the actual firewall logs. Use tcpdump to see if the 
log messages are making it to the OSSEC manager.
archives.log is only populated if you have the log all option turned on. Is it?

>
>
> Thanks in advance.
>
>
>
> Nick
>
> --
>
> ---
> You received this message because you are subscribed to the Google 
> Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
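
The check that resolved this thread (comparing what the `<remote>` blocks request with what remoted is actually listening on) can be scripted. The following is an added example, not part of the original messages or of OSSEC itself; the function names, the sample config and the netstat lines are constructed for illustration, and it assumes OSSEC's documented defaults (connection `secure`, port 1514 for secure and 514 for syslog, protocol `udp`).

```python
import re
import xml.etree.ElementTree as ET

# Assumed remoted defaults when <port> is omitted from a <remote> block.
DEFAULT_PORT = {"secure": 1514, "syslog": 514}

def expected_listeners(conf_text):
    """Return the set of (protocol, port) requested by the <remote> blocks."""
    # ossec.conf may contain several <ossec_config> roots, so wrap it in one.
    # A malformed tag raises ParseError here, which surfaces config typos.
    root = ET.fromstring("<wrap>" + conf_text + "</wrap>")
    wanted = set()
    for remote in root.iter("remote"):
        conn = (remote.findtext("connection") or "secure").strip()
        proto = (remote.findtext("protocol") or "udp").strip()
        port = int(remote.findtext("port") or DEFAULT_PORT[conn])
        wanted.add((proto, port))
    return wanted

def listening(netstat_text):
    """Parse `netstat -ln` style lines into a set of (protocol, port)."""
    found = set()
    for line in netstat_text.splitlines():
        m = re.match(r"(udp|tcp)6?\s+\d+\s+\d+\s+\S+:(\d+)\s", line)
        if m:
            found.add((m.group(1), int(m.group(2))))
    return found

def missing(conf_text, netstat_text):
    """Listeners the config asks for that are not actually open."""
    return sorted(expected_listeners(conf_text) - listening(netstat_text))

# Constructed sample data: one agent listener plus the syslog listener.
SAMPLE_CONF = """
<ossec_config>
  <remote><connection>secure</connection></remote>
  <remote>
    <connection>syslog</connection>
    <port>514</port>
    <protocol>udp</protocol>
  </remote>
</ossec_config>
"""
NETSTAT_BEFORE = "udp        0      0 0.0.0.0:1514            0.0.0.0:*\n"
NETSTAT_AFTER = NETSTAT_BEFORE + "udp        0      0 0.0.0.0:514             0.0.0.0:*\n"

if __name__ == "__main__":
    print("missing before fix:", missing(SAMPLE_CONF, NETSTAT_BEFORE))
    print("missing after fix: ", missing(SAMPLE_CONF, NETSTAT_AFTER))
```

A non-empty result after restarting the OSSEC processes means the running remoted did not pick up a `<remote>` block that the file appears to contain.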
