Hi. The OSSEC deployment within OSSIM uses custom_alert_output, rather than the default log format. I was trying to get these alerts sent to another server, and enabled syslog_output, as I have done on other OSSEC deployments. On the OSSIM deployment, the logs do not get forwarded. I removed the custom_alert_output setting in ossec.conf and the logs get forwarded as expected.
Is this a known issue? If not, I can raise a bug on github. Thanks
