On Thu, Feb 12, 2015 at 11:59 AM, Network Infrastructure <[email protected]> wrote:
> yes, I change syslog server to use port 2514 too
>
I don't know what you mean. If you changed the destination for the logs from the Cisco ASA, run this on the OSSEC manager:

`tcpdump -i ETHERNET_INTERFACE -Xxnnnevvvs 0 port 2514 and host 192.168.11.1`

Obviously change the ETHERNET_INTERFACE to the name of the active ethernet interface on the OSSEC manager. If you see traffic, you successfully changed the setting on the Cisco ASA device. If you do not see traffic, you either have no logs or have not succeeded in changing that setting.

> On Friday, February 6, 2015 at 9:11:33 AM UTC+7, Network Infrastructure wrote:
>>
>> I have configured OSSEC to monitor my ASA 5520 but I cannot see anything
>>
>> In ASA 5520, I enable syslog server to send syslog to my OSSEC
>>
>>
>> In OSSEC, the /var/ossec/etc/ossec.conf, I configured:
>>
>> <ossec_config>
>>
>>   <remote>
>>     <connection>syslog</connection>
>>     <allowed-ips>IP_OF_CISCO_DEVICE</allowed-ips>
>>   </remote>
>>   <global>
>>     <logall>yes</logall>
>>   </global>
>>
>> </ossec_config>
>>
>> Then I restart ossec services but I cannot see anything.
>>
>>
>> Help me please ...
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
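
An offline check that complements the tcpdump test above, added here as an example and not part of the original thread or of OSSEC: it parses the `<remote>` section of an ossec.conf and lists why a sender's syslog would not be accepted. The function names are hypothetical, the sample config is constructed from the block quoted above, the defaults used (port 514 and UDP for a syslog connection) are OSSEC's documented ones, and `<allowed-ips>` entries are assumed to be single addresses or CIDR ranges.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the <remote> block quoted in the thread, with the sender
# address from the tcpdump filter filled in for IP_OF_CISCO_DEVICE.
SAMPLE_CONF = """
<ossec_config>
  <remote>
    <connection>syslog</connection>
    <allowed-ips>192.168.11.1</allowed-ips>
  </remote>
</ossec_config>
"""

def syslog_listeners(conf_text):
    """Return (port, protocol, allowed_networks) for every syslog <remote> block."""
    # ossec.conf may hold several <ossec_config> roots, so wrap them in one.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    found = []
    for remote in root.iter("remote"):
        if (remote.findtext("connection") or "secure").strip() != "syslog":
            continue
        port = int((remote.findtext("port") or "514").strip())  # syslog default
        proto = (remote.findtext("protocol") or "udp").strip().lower()
        nets = [ipaddress.ip_network(e.text.strip(), strict=False)
                for e in remote.findall("allowed-ips") if e.text]
        found.append((port, proto, nets))
    return found

def diagnose(conf_text, sender_ip, sender_port, sender_proto="udp"):
    """List reasons the sender's syslog would be dropped (empty list = accepted)."""
    listeners = syslog_listeners(conf_text)
    if not listeners:
        return ["no <remote> block with <connection>syslog</connection>"]
    addr = ipaddress.ip_address(sender_ip)
    problems = []
    for port, proto, nets in listeners:
        issues = []
        if port != sender_port:
            issues.append(f"listener is on port {port}, sender uses {sender_port}")
        if proto != sender_proto:
            issues.append(f"listener expects {proto}, sender uses {sender_proto}")
        if not any(addr in n for n in nets):
            issues.append(f"{sender_ip} is not covered by <allowed-ips>")
        if not issues:
            return []  # one listener matches on port, protocol and source
        problems.extend(issues)
    return problems
```

Call `diagnose(open("/var/ossec/etc/ossec.conf").read(), "192.168.11.1", 2514)` on the manager; an empty list together with visible tcpdump traffic points the search away from the `<remote>` settings.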
