On Wed, Feb 11, 2015 at 11:06 PM, Network Infrastructure <[email protected]> wrote:
> When I open ossec.log I saw that:
>
> Remote syslog allowed from: '192.168.10.1'
> Error: Unable to bind port '514'
>

It looks like your syslogd is currently bound to that port. You can either make it stop doing this, or configure OSSEC to use another port.

To make OSSEC use another port:

<remote>
  <connection>syslog</connection>
  <port>2514</port>
  <allowed-ips>192.168.10.1</allowed-ips>
  <local_ip>IP_ADDRESS_OF_THE_OSSEC_MANAGER</local_ip>
</remote>

After changing the syslog remote section to match the above (CHANGING THE IP_ADDRESS_OF_THE_OSSEC_MANAGER to the actual IP address of the OSSEC manager), restart the OSSEC processes on the manager.

I don't know if you need to delete the logging host from the cisco asa device, but adding it should be something like:

logging host inside 192.168.10.11 udp/2514

> On Friday, February 6, 2015 at 9:11:33 AM UTC+7, Network Infrastructure
> wrote:
>>
>> I have configured OSSEC to monitor my ASA 5520 but I cannot see anything
>>
>> In ASA 5520, I enable syslog server to send syslog to my OSSEC
>>
>>
>> In OSSEC, the /var/ossec/etc/ossec.conf, I configured:
>>
>> <ossec_config>
>>
>>   <remote>
>>     <connection>syslog</connection>
>>     <allowed-ips>IP_OF_CISCO_DEVICE</allowed-ips>
>>   </remote>
>>   <global>
>>     <logall>yes</logall>
>>   </global>
>>
>> </ossec_config>
>>
>> Then I restart ossec services but I cannot see anything.
>>
>>
>> Help me please ...
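
A way to confirm the port conflict described in the reply above and to exercise the new listener, as an added example that is not part of the original thread or of OSSEC itself. The helper names (`probe_udp_port`, `syslog_datagram`, `send_test_syslog`), the facility and severity values and the message text are assumptions made for illustration.

```python
import errno
import socket

def probe_udp_port(port, host="0.0.0.0"):
    """Try to bind a UDP port as a syslog listener would (hypothetical helper).

    Returns "free", "in_use" (another process, e.g. syslogd, already holds it)
    or "no_permission" (ports below 1024 normally need root).
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((host, port))
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in_use"
        if exc.errno in (errno.EACCES, errno.EPERM):
            return "no_permission"
        raise
    finally:
        sock.close()
    return "free"

def syslog_datagram(text, facility=20, severity=6):
    """Build a BSD-syslog style payload; PRI = facility * 8 + severity.

    facility 20 (local4) and severity 6 (informational) are assumed values.
    """
    return "<{}>{}".format(facility * 8 + severity, text).encode("ascii")

def send_test_syslog(host, port, text="constructed test message for OSSEC"):
    """Send one UDP datagram to the listener and return the bytes sent.

    OSSEC only accepts it if the sender's address matches <allowed-ips>.
    """
    payload = syslog_datagram(text)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(payload, (host, port))
    return payload

if __name__ == "__main__":
    # Run as root on the OSSEC manager with OSSEC stopped: 514 should report
    # "in_use" while syslogd holds it, and 2514 should report "free".
    for port in (514, 2514):
        print(port, probe_udp_port(port))
```

Once OSSEC has been restarted with the new `<port>`, the same probe should report 2514 as "in_use", and a datagram sent from an address listed in `<allowed-ips>` should be logged when `<logall>` is enabled.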
