On Fri, Jan 23, 2015 at 9:37 AM, Alexander Hartner <[email protected]> wrote:
> Yes, we enabled this option a while back:
>
> /var/ossec/bin/ossec-control enable client-syslog
>
>
> We also configured syslog_output as follows:
>
> <syslog_output>
>   <server>192.168.0.1</server>
>   <port>9514</port>
> </syslog_output>
>
> We have a separate process listening on port 9514. Could it be that ossec is
> writing directly to /var/log/messages in addition to this port?
>
No, probably not. Perhaps that syslogd is writing to a location OSSEC is monitoring?
>
>> Do you have ossec-csyslogd enabled? It looks like you do, and the
>> alerts it sends out are making it back to /var/log/messages.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
