Yes, we enabled this option a while back:

    /var/ossec/bin/ossec-control enable client-syslog

We also configured syslog_output as follows:

    <syslog_output>
      <server>192.168.0.1</server>
      <port>9514</port>
    </syslog_output>

We have a separate process listening on port 9514. Could it be that ossec is writing directly to /var/log/messages in addition to this port?

> Do you have ossec-csyslogd enabled? It looks like you do, and the
> alerts it sends out are making it back to /var/log/messages.
