Hello

I have the following configuration in /var/ossec/etc/ossec.conf:

<syslog_output>
  <server>10.10.0.11</server>
</syslog_output>

I also see that /var/ossec/bin/ossec-csyslogd is running and considering a UDP 
port to the syslog server:

# lsof -p 3781 | grep UDP
ossec-csy 3781 ossecm    6u  IPv4 145795360      0t0      UDP usm.baipgroup.lt:54414->10.10.0.11:syslog

But no message is sent to the syslog server. strace shows that the log file is 
being read, but no message is sent via UDP:

# strace -p 3781
Process 3781 attached - interrupt to quit
select(0, NULL, NULL, NULL, {0, 891300}) = 0 (Timeout)
read(5, "AV - Alert - \"1432718370\" --> RI"..., 4096) = 4096
read(5, "ION: \"/var/log/auth.log\"; EVENT:"..., 4096) = 4096
read(5, "rity-Auditing: MCibulskis@BAIPGR"..., 4096) = 4096
read(5, "EvtLog\"; LOCATION: \"(NMAIL01) 10"..., 4096) = 2526
read(5, "", 4096)                       = 0
select(0, NULL, NULL, NULL, {5, 0})     = 0 (Timeout)
read(5, "AV - Alert - \"1432718374\" --> RI"..., 4096) = 4096
read(5, "\"; RL: \"3\"; RG: \"syslog,sudo\"; R"..., 4096) = 1659
read(5, "", 4096)                       = 0

Why are messages not being delivered via the syslog output connection?

Thanks a lot for any advice.

With best regards
Martynas  
