On Fri, Feb 6, 2015 at 11:28 AM, Network Infrastructure
<[email protected]> wrote:
> In the folder:
> /var/ossec/logs/archives/archives.log
> /var/ossec/logs/alerts/alerts.log.
>
> I cannot see any changes. So what's wrong?
>

I have to assume this means you are not seeing log messages from the
Cisco device in /var/ossec/logs/archives/archives.log. If that's the
case:
Use tcpdump to make sure the logs are being sent from the Cisco device:
`tcpdump -i NETWORK_INTERFACE_NAME -nn port 514 and host IP_OF_CISCO_DEVICE`
You should see traffic from the Cisco device to the OSSEC manager. If
not, you'll have to look at the settings on your Cisco device to
determine why it isn't sending logs.

If you do see traffic, make sure ossec-remoted is running.
Make sure it's listening on port 514.


> On Friday, February 6, 2015 at 9:11:33 AM UTC+7, Network Infrastructure
> wrote:
>>
>> I have configured OSSEC to monitor my ASA 5520 but I cannot see anything
>>
>> In the ASA 5520, I enabled the syslog server to send syslog to my OSSEC
>>
>>
>> In OSSEC, in /var/ossec/etc/ossec.conf, I configured:
>>
>> <ossec_config>
>>
>> <remote>
>>   <connection>syslog</connection>
>>   <allowed-ips>IP_OF_CISCO_DEVICE</allowed-ips>
>> </remote>
>> <global>
>>   <logall>yes</logall>
>> </global>
>>
>> </ossec_config>
>>
>> Then I restarted the OSSEC services but I cannot see anything.
>>
>>
>> Help me please ...
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
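
The reply's last two checks (something listening on port 514, and lines from the device arriving in archives.log), as an added example that is not part of the original message. It assumes `ss -lun` output as the listener source; the function names are hypothetical and the sample addresses and log line are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. The checks work on captured text so
# they can be run against saved output as well as a live manager.

# Succeeds if `ss -lun` output on stdin shows a socket bound to UDP port $1.
# Matching ":PORT" at the end of a field keeps 1514 from passing as 514.
udp_listener_present() {
  awk -v port="$1" '
    { for (i = 1; i <= NF; i++) if ($i ~ (":" port "$")) found = 1 }
    END { exit (found ? 0 : 1) }'
}

# Prints how many lines of archive file $2 mention device IP $1 as a whole
# token (-w stops 192.0.2.1 from matching inside 192.0.2.10).
lines_from_device() {
  grep -cwF -- "$1" "$2" 2>/dev/null || true
}

# Prints one of: no-listener, listening-no-logs, ok.
# $1 = file holding `ss -lun` output, $2 = archives.log, $3 = device IP.
diagnose() {
  if ! udp_listener_present 514 < "$1"; then
    echo "no-listener"        # ossec-remoted is not bound to UDP 514
    return
  fi
  n=$(lines_from_device "$3" "$2")
  if [ "${n:-0}" -eq 0 ]; then
    # If tcpdump shows traffic, compare the sender with <allowed-ips>.
    echo "listening-no-logs"
  else
    echo "ok"
  fi
}

# Constructed sample data (documentation addresses, made-up log line).
SAMPLE_SS_OK='UNCONN 0 0 0.0.0.0:514 0.0.0.0:*'
SAMPLE_SS_BAD='UNCONN 0 0 0.0.0.0:1514 0.0.0.0:*'
SAMPLE_ARCHIVE='2015 Feb 06 11:30:01 192.0.2.10->192.0.2.10 %ASA-6-302013: Built outbound TCP connection'
```

On a live manager, save `ss -lun` to a file and pass it with /var/ossec/logs/archives/archives.log and the device IP to `diagnose`.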
