On Thu, Feb 5, 2015 at 9:11 PM, Network Infrastructure <[email protected]> wrote:
> I have configured OSSEC to monitor my ASA 5520 but I cannot see anything
>
> In ASA 5520, I enable syslog server to send syslog to my OSSEC
>
>
> In OSSEC, the /var/ossec/etc/ossec.conf, I configured:
>
> <ossec_config>
>
> <remote>
> <connection>syslog</connection>
> <allowed-ips>IP_OF_CISCO_DEVICE</allowed-ips>

I hope you put the actual IP address here instead of IP_OF_CISCO_DEVICE.

> </remote>
> <global>
> <logall>yes</logall>

Since you have the logall option enabled, check /var/ossec/logs/archives/archives.log for log messages from the Cisco device. If not, that's where we need to start looking. You can also use tcpdump to ensure that the Cisco device is sending logs to OSSEC.

> </global>
>
> </ossec_config>
>
> Then I restart ossec services but I cannot see anything.
>

Based on previous messages it sounds like you're expecting to see all of the log messages in the web GUI. You're not going to see all of the log messages in the web GUI. The web GUI displays the alerts generated by OSSEC. If the log messages you are sending to OSSEC are not generating alerts, there is nothing to see. To make sure there are alerts that you should be seeing, you can check /var/ossec/logs/alerts/alerts.log.

So, what are your expectations? What do you expect to see?

>
> Help me please ...

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
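
The checks suggested in the reply above, combined into one triage script. This is an added example, not part of the original thread or of OSSEC itself. The function names, the three state labels and the sample log lines are assumptions made for illustration, and the sample lines are constructed and only approximate the real file layout.

```shell
#!/bin/sh
# Added example (not from the thread): find where a syslog source drops out.
# Default paths are the ones named in the reply; override via the environment.
ARCHIVES=${ARCHIVES:-/var/ossec/logs/archives/archives.log}
ALERTS=${ALERTS:-/var/ossec/logs/alerts/alerts.log}

# count_for IP FILE: lines in FILE containing IP as a whole token, so that
# 192.0.2.1 does not also match 192.0.2.10. Prints 0 for an unreadable file.
count_for() {
    [ -r "$2" ] || { echo 0; return 0; }
    grep -Fwc -- "$1" "$2" || true
}

# triage IP: prints alerting, received-no-alerts, or not-received.
triage() {
    received=$(count_for "$1" "$ARCHIVES")
    alerted=$(count_for "$1" "$ALERTS")
    if [ "$alerted" -gt 0 ]; then
        echo "alerting"
    elif [ "$received" -gt 0 ]; then
        # Logs arrive but match no alerting rule, so the web GUI stays empty.
        echo "received-no-alerts"
    else
        # Nothing archived even with <logall>: check <allowed-ips>, the
        # device's syslog target, and confirm traffic with tcpdump.
        echo "not-received"
    fi
}

# make_samples DIR: write constructed sample logs (layout approximated).
make_samples() {
    cat > "$1/archives.log" <<'EOF'
2015 Feb 05 21:12:01 192.0.2.10->192.0.2.10 %ASA-6-302013: constructed sample
2015 Feb 05 21:12:02 192.0.2.20->192.0.2.20 %ASA-4-106023: constructed sample
EOF
    cat > "$1/alerts.log" <<'EOF'
** Alert 1423170722.100: - syslog,
2015 Feb 05 21:12:02 192.0.2.20->192.0.2.20
Rule: 100001 (level 3) -> 'constructed sample alert'
EOF
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_samples "$d"
    ARCHIVES=$d/archives.log ALERTS=$d/alerts.log
    for ip in 192.0.2.10 192.0.2.20 192.0.2.1; do
        echo "$ip: $(triage "$ip")"
    done
    rm -rf "$d"
fi
```

Run it with `--demo` to see all three outcomes on the constructed logs, or source it on the OSSEC server and call `triage` with the device's address.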
