So from my configuration you would say ossec looks good, but most likely the systemd on the other side is logging these messages?

On Friday, January 23, 2015 at 10:40:09 PM UTC+8, dan (ddpbsd) wrote:
> On Fri, Jan 23, 2015 at 9:37 AM, Alexander Hartner <[email protected]> wrote:
> > Yes, we enabled this option a while back:
> >
> > /var/ossec/bin/ossec-control enable client-syslog
> >
> > We also configured syslog_output as follows:
> >
> > <syslog_output>
> > <server>192.168.0.1</server>
> > <port>9514</port>
> > </syslog_output>
> >
> > We have a separate process listening on port 9514. Could it be that ossec is
> > writing directly to /var/log/messages in addition to this port?
>
> No, probably not. Perhaps that syslogd is writing to a location OSSEC
> is monitoring?
>
> >> Do you have ossec-csyslogd enabled? It looks like you do, and the
> >> alerts it sends out are making it back to /var/log/messages.
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to [email protected].
> > For more options, visit https://groups.google.com/d/optout.
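
One way to check for the loop discussed in this thread, as an added example that is not part of the original messages: list the files OSSEC monitors and look in them for alerts that ossec-csyslogd has already forwarded. The `<localfile>` entry, the log lines, the rule ids and the `ossec: Alert Level: ...` line shape (csyslogd's default format) are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample config: the syslog_output block from the thread plus an
# assumed <localfile> entry that makes OSSEC monitor /var/log/messages.
OSSEC_CONF = """<ossec_config>
  <syslog_output>
    <server>192.168.0.1</server>
    <port>9514</port>
  </syslog_output>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
</ossec_config>"""

# Constructed sample lines standing in for the contents of /var/log/messages.
SAMPLE_LOGS = {"/var/log/messages": [
    "Jan 23 22:31:02 host1 sshd[2211]: Accepted publickey for admin from 192.168.0.20 port 50022 ssh2",
    "Jan 23 22:31:03 host1 ossec: Alert Level: 3; Rule: 5715 - SSHD authentication success.; Location: host1->/var/log/secure;",
    "Jan 23 22:31:04 host1 ossec: Alert Level: 2; Rule: 1002 - Unknown problem somewhere in the system.; Location: host1->/var/log/messages;",
]}

# Assumed shape of an alert line forwarded by ossec-csyslogd (default format).
ALERT_RE = re.compile(r"\bossec: Alert Level: (\d+); Rule: (\d+) - ")

def monitored_files(conf_xml):
    # Every <localfile><location> is a file OSSEC reads and analyses.
    root = ET.fromstring(conf_xml)
    return [loc.text.strip() for loc in root.findall(".//localfile/location") if loc.text]

def syslog_targets(conf_xml):
    """Return (server, port) for each syslog_output block; port defaults to 514."""
    return [(o.findtext("server"), int(o.findtext("port", "514")))
            for o in ET.fromstring(conf_xml).iter("syslog_output")]

def find_feedback(conf_xml, logs):
    """Map each monitored file to the rule ids of forwarded alerts found in it."""
    hits = {}
    for path in monitored_files(conf_xml):
        found = [m.group(2) for line in logs.get(path, [])
                 if (m := ALERT_RE.search(line))]
        if found:
            hits[path] = found
    return hits

if __name__ == "__main__":
    print("forwarding to:", syslog_targets(OSSEC_CONF))
    for path, rules in find_feedback(OSSEC_CONF, SAMPLE_LOGS).items():
        print(f"{path}: {len(rules)} forwarded alert(s) re-read, rule ids {rules}")
```

Any hit means a monitored file already contains forwarded alerts, so either the receiving syslog daemon should write them to a file OSSEC does not monitor, or that file should be dropped from the `<localfile>` list.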
