Yes ossec-csyslogd is enabled and running. I should have said default from OSSIM.
thanks

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp)
Sent: Monday, March 16, 2015 6:21 AM
To: [email protected]
Subject: Re: [ossec-list] Oseec Server output to Suslog Server

On Fri, Mar 13, 2015 at 6:14 PM, DirtDiver <[email protected]> wrote:
> All,
>
> I have a fresh install with a default ossec.conf file. Below is the file.
> I cannot for the life of me get it to forward alerts/logs to the
> remote syslog server. What I would really want to do is have this
> send all Windows events to the syslog server 10.0.1.116.
>
> <ossec_config>
>
> <global>
>
> <email_notification>no</email_notification>
> <custom_alert_output>AV - Alert - "$TIMESTAMP" --> RID: "$RULEID"; RL:
> "$RULELEVEL"; RG: "$RULEGROUP"; RC: "$RULECOMMENT"; USER: "$DSTUSER"; SRCIP:
> "$SRCIP"; HOSTNAME: "$HOSTNAME"; LOCATION: "$LOCATION"; EVENT:
> "[INIT]$FULLLOG[END]"; </custom_alert_output>

I don't think this is a default ossec.conf.

> <syslog_output>
> <server>10.0.1.116</server>
> <port>9000</port>
> <format>json</format>
> </syslog_output>
>

Is ossec-csyslogd running?

> </ossec_config>
> <!-- rules global entry -->
>
> --
>
> ---
> You received this message because you are subscribed to the Google
> Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
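The two things the thread turns on are whether the `<syslog_output>` block is sane and whether `ossec-csyslogd` (the daemon that actually ships alerts to a remote syslog server) is running. The script below is an added example, not OSSEC project code or anything posted in the thread. It parses an ossec.conf-style file into its `<syslog_output>` entries (tolerating the multiple top-level `<ossec_config>` blocks that OSSEC allows but plain XML does not), validates server, port and format, and reads `ossec-control status`-style output to report the state of `ossec-csyslogd`. The sample config and status text are constructed, modelled on the config quoted above; the defaults assumed for a missing `<port>` and `<level>` are assumptions, not values taken from the page.

```python
"""Check an OSSEC server's syslog_output configuration and csyslogd state.

Added example; not OSSEC project code. Assumptions are marked in comments.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample: two top-level <ossec_config> blocks, as ossec.conf
# permits. The second carries a deliberately bad port to exercise validation.
SAMPLE_CONF = """<ossec_config>
  <global>
    <email_notification>no</email_notification>
    <custom_alert_output>AV - Alert - "$TIMESTAMP" --> RID: "$RULEID"</custom_alert_output>
  </global>
  <syslog_output>
    <server>10.0.1.116</server>
    <port>9000</port>
    <format>json</format>
  </syslog_output>
</ossec_config>
<!-- rules global entry -->
<ossec_config>
  <syslog_output>
    <server>10.0.1.117</server>
    <port>99999</port>
    <format>cef</format>
  </syslog_output>
</ossec_config>
"""

# Constructed sample of `ossec-control status` output (assumed line shape:
# "<daemon> is running..." / "<daemon> not running...").
SAMPLE_STATUS = """ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-analysisd is running...
ossec-maild not running...
ossec-execd is running...
ossec-csyslogd not running...
"""

VALID_FORMATS = {"default", "json", "splunk", "cef"}
IPV4 = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")
STATUS_RE = re.compile(r"^(?P<daemon>ossec-\w+)\s+(?P<state>is running|not running)")


def parse_syslog_outputs(conf_text):
    """Return one dict per <syslog_output> block found in conf_text."""
    # ossec.conf may contain several <ossec_config> roots, which is not
    # well-formed XML, so wrap the whole file in a synthetic root first.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    outputs = []
    for block in root.iter("syslog_output"):
        outputs.append({
            "server": (block.findtext("server") or "").strip(),
            "port": (block.findtext("port") or "514").strip(),      # assumed default
            "format": (block.findtext("format") or "default").strip(),
            "level": (block.findtext("level") or "0").strip(),      # assumed default
        })
    return outputs


def validate_output(entry):
    """Return a list of problems for one syslog_output entry (empty if OK)."""
    problems = []
    server = entry["server"]
    if not server:
        problems.append("missing <server>")
    elif re.match(r"^[\d.]+$", server):
        # Dotted-quad form: each octet must be 0-255. Hostnames are left alone.
        m = IPV4.match(server)
        if not m or any(int(o) > 255 for o in m.groups()):
            problems.append(f"invalid IPv4 address {server!r}")
    port = entry["port"]
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        problems.append(f"port {port!r} outside 1-65535")
    if entry["format"] not in VALID_FORMATS:
        problems.append(f"unknown <format> {entry['format']!r}")
    return problems


def csyslogd_running(status_text):
    """True only if ossec-csyslogd is listed as running; absent counts as not running."""
    for line in status_text.splitlines():
        m = STATUS_RE.match(line.strip())
        if m and m.group("daemon") == "ossec-csyslogd":
            return m.group("state") == "is running"
    return False


def check(conf_text, status_text):
    """Combine both checks into one report dict."""
    entries = parse_syslog_outputs(conf_text)
    return {
        "outputs": [(e, validate_output(e)) for e in entries],
        "csyslogd_running": csyslogd_running(status_text),
    }


if __name__ == "__main__":
    report = check(SAMPLE_CONF, SAMPLE_STATUS)
    for entry, problems in report["outputs"]:
        print(entry, "OK" if not problems else problems)
    print("ossec-csyslogd running:", report["csyslogd_running"])
```

Run it against a real server by replacing the two constructed samples with the contents of `/var/ossec/etc/ossec.conf` and the output of `/var/ossec/bin/ossec-control status`. If the daemon shows as not running, `ossec-control enable client-syslog` followed by a restart turns it on; note that `<syslog_output>` forwards OSSEC alerts, not the raw collected logs, so an agent's Windows events only reach the remote syslog server once a rule has fired on them.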
