On Thu, May 5, 2016 at 2:02 AM, Vani Paridhyani <[email protected]> wrote: > Hi! > > I need to run ossec over tcp. I made below modifications: > > In server ossec.conf: > > <remote> > > <connection>syslog</connection> > > <port>1515</port> > > <protocol>tcp</protocol> > > </remote> > > > In client ossec.conf: > > > <client> > > <server-ip>x.x.x.x</server-ip> > > <port>1515</port> > > </client> > > > Getting below error in client ossec.log > > > ERROR: Unable to send message to server. > > > PS: I am able to telnet to the server from the client on port 1515. Still > this error. >
You setup a syslog server on tcp/1515, but the agent uses the "secure" connection type. I don't think agents can use syslog (there doesn't appear to be any configuration options for it). So use tcp/1515 for systems you want to send logs via syslog. > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
