Yes, so this is what I see in the alerts.log:

** Alert 1472743613.1120105: - pam,syslog,
2016 Sep 01 15:26:53 (dev-login-01) any->/var/log/secure
Rule: 5502 (level 3) -> 'Login session closed.'
Sep 1 15:26:51 dev-login-01 sshd[2930]: pam_unix(sshd:session): session closed for user od

but nothing for the process except this:

2016/09/01 15:24:06 ossec-csyslogd: DEBUG: Starting ...
2016/09/01 15:24:06 ossec-csyslogd: INFO: Chrooted to directory: /var/ossec, using user: ossecm
2016/09/01 15:24:06 ossec-csyslogd: INFO: Started (pid: 12106).
2016/09/01 15:24:06 ossec-csyslogd: INFO: File queue connected.
2016/09/01 15:24:06 ossec-csyslogd: INFO: Forwarding alerts via syslog to: '127.0.0.1:8089'.

and nothing else...

On Thursday, September 1, 2016 at 10:18:07 AM UTC-4, Olivier Doisneau wrote:
> So I changed my ossec.conf to have this:
>
> <syslog_output>
>   <server>127.0.0.1</server>
>   <port>8089</port>
>   <format>default</format>
> </syslog_output>
>
> and /var/ossec/bin/ossec-*csys*logd is started. But I don't see any
> attempts to push the logs coming in to syslog in the ossec.log file.
>
> Thanks
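
One way to check whether ossec-csyslogd is actually emitting anything to 127.0.0.1:8089, as an added example that is not part of the original post: a small UDP listener that prints each datagram with its decoded syslog priority. It assumes csyslogd sends plain UDP syslog and that no other service is bound to that UDP port; `parse_pri` and `listen` are hypothetical names.

```python
import re
import socket

# RFC 3164 facility and severity names, indexed by their numeric codes.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
              + ["local%d" % i for i in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def parse_pri(datagram):
    """Return (facility, severity, text) for a syslog datagram, or None
    when the payload does not start with a valid <PRI> header."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    text = datagram[m.end():].decode("utf-8", "replace").rstrip("\n")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], text


def listen(host="127.0.0.1", port=8089, idle_timeout=60.0):
    """Print datagrams arriving on host:port until idle_timeout seconds
    pass with no traffic; return how many were received."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))  # fails with "Address already in use" if taken
    sock.settimeout(idle_timeout)
    count = 0
    try:
        while True:
            data, peer = sock.recvfrom(65535)
            count += 1
            parsed = parse_pri(data)
            if parsed is None:
                print("%s:%d sent non-syslog payload: %r" % (peer[0], peer[1], data[:80]))
            else:
                print("%s.%s %s" % parsed)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return count


if __name__ == "__main__":
    # Run this, then trigger an alert (e.g. open and close an SSH session).
    print("datagrams received: %d" % listen())
```

A count of zero after a fresh entry has appeared in alerts.log means nothing is reaching the port, so the thing to look at is csyslogd rather than the receiver.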
