It'd also help to see the commands you sent to the ASA for syslogging: `sh run log` or `sh run | inc log`

On Friday, February 6, 2015 at 8:34:12 AM UTC-8, dan (ddpbsd) wrote:
>
> On Fri, Feb 6, 2015 at 11:28 AM, Network Infrastructure
> <[email protected]> wrote:
> > In the folder:
> > /var/ossec/logs/archives/archives.log
> > /var/ossec/logs/alerts/alerts.log.
> >
> > I cannot see any changes. So what's wrong?
> >
>
> I have to assume this means you are not seeing log messages from the
> Cisco device in /var/ossec/logs/archives/archives.log. If that's the
> case:
> Use tcpdump to make sure the logs are being sent from the Cisco device:
> `tcpdump -i NETWORK_INTERFACE_NAME -nn port 514 and host IP_OF_CISCO_DEVICE`
> You should see traffic from the Cisco device to the OSSEC manager. If
> not, you'll have to look at the settings on your Cisco device to
> determine why it isn't sending logs.
>
> If you do see traffic, make sure ossec-remoted is running.
> Make sure it's listening on port 514.
>
> > On Friday, February 6, 2015 at 9:11:33 AM UTC+7, Network Infrastructure
> > wrote:
> >>
> >> I have configured OSSEC to monitor my ASA 5520 but I cannot see anything
> >>
> >> In ASA 5520, I enable syslog server to send syslog to my OSSEC
> >>
> >> In OSSEC, the /var/ossec/etc/ossec.conf, I configured:
> >>
> >> <ossec_config>
> >>
> >> <remote>
> >> <connection>syslog</connection>
> >> <allowed-ips>IP_OF_CISCO_DEVICE</allowed-ips>
> >> </remote>
> >> <global>
> >> <logall>yes</logall>
> >> </global>
> >>
> >> </ossec_config>
> >>
> >> Then I restart ossec services but I cannot see anything.
> >>
> >> Help me please ...
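
An offline check of the ossec.conf quoted in the thread, as an added example that is not part of the original messages or OSSEC's own code: it verifies that a syslog `<remote>` block exists, that the device address is covered by `<allowed-ips>`, and that `<logall>` is enabled. The function name, the sample address 192.0.2.10 and the default-port handling are assumptions of this example.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring the ossec.conf from the thread; 192.0.2.10 is a
# documentation address standing in for IP_OF_CISCO_DEVICE.
SAMPLE_CONF = """
<ossec_config>
  <remote>
    <connection>syslog</connection>
    <allowed-ips>192.0.2.10</allowed-ips>
  </remote>
  <global>
    <logall>yes</logall>
  </global>
</ossec_config>
"""

def check_syslog_source(conf_text, device_ip):
    """Return a list of config problems that would keep device_ip out of archives.log."""
    # ossec.conf may hold several <ossec_config> roots, so wrap them in one parent.
    body = re.sub(r"<\?xml[^>]*\?>", "", conf_text)
    root = ET.fromstring("<wrapper>" + body + "</wrapper>")
    device = ipaddress.ip_address(device_ip)
    problems = []
    syslog_blocks = [r for r in root.iter("remote")
                     if (r.findtext("connection") or "secure").strip() == "syslog"]
    if not syslog_blocks:
        problems.append("no <remote> block with <connection>syslog</connection>")
    allowed = False
    for block in syslog_blocks:
        # Assumption: with no <port> element the syslog listener uses 514.
        port = (block.findtext("port") or "514").strip()
        if port != "514":
            problems.append("syslog listener is on port %s, not 514" % port)
        for entry in block.findall("allowed-ips"):
            # Each allowed-ips entry is a single address or a CIDR network.
            text = (entry.text or "").strip()
            if text and device in ipaddress.ip_network(text, strict=False):
                allowed = True
    if syslog_blocks and not allowed:
        problems.append("%s is not covered by any <allowed-ips>" % device_ip)
    # Without logall, received events are not written to archives.log.
    logall = [g.findtext("logall", "").strip() for g in root.iter("global")]
    if "yes" not in logall:
        problems.append("<logall> is not yes, so events are not archived")
    return problems

if __name__ == "__main__":
    print(check_syslog_source(SAMPLE_CONF, "192.0.2.10"))
```

An empty list means the configuration side is consistent, which leaves the tcpdump and ossec-remoted checks from the reply as the next steps.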
