On Thu, Sep 1, 2016 at 11:07 AM, dan (ddp) <[email protected]> wrote:
> On Thu, Sep 1, 2016 at 10:49 AM, Olivier Doisneau
> <[email protected]> wrote:
>> So every time I see a log in the /var/ossec/log/alerts/alerts.log I should
>> see something being dumped, correct? Because right now I see alerts.log
>> getting bigger and still nothing on tcpdump.
>>
>
> Yes, you should. Try running csyslogd in debug/foreground mode to see
> if there are any interesting logs:
> `/var/ossec/bin/ossec-csyslogd -df`
>

You might want to also try setting <level>1</level> in the
syslog_output section.

>>
>> On Thursday, September 1, 2016 at 10:18:07 AM UTC-4, Olivier Doisneau wrote:
>>>
>>> So I changed my ossec.conf to have this:
>>>
>>>   <syslog_output>
>>>     <server>127.0.0.1</server>
>>>     <port>8089</port>
>>>     <format>default</format>
>>>   </syslog_output>
>>>
>>>
>>> and /var/ossec/bin/ossec-csyslogd
>>>
>>> is started.  But I don't see any attempts to push the logs coming in to
>>> syslog in the ossec.log file.
>>>
>>>
>>> Thanks
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
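
An added example, not part of the original thread: a small UDP listener that shows whether ossec-csyslogd is emitting anything to the 127.0.0.1:8089 target from the quoted config. It assumes the output arrives over UDP with a standard syslog `<PRI>` header; the function names and the sample datagram are constructed for illustration.

```python
import re
import socket

# Constructed sample datagram (not captured from a real OSSEC install).
SAMPLE = b"<132>Sep  1 10:18:07 host ossec: Alert Level: 3; constructed sample"

PRI_RE = re.compile(rb"^<(\d{1,3})>")


def parse_pri(datagram):
    """Return (facility, severity) from a syslog PRI header, or None if absent."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI: facility 23, severity 7
        return None
    return pri >> 3, pri & 7


def listen(host="127.0.0.1", port=8089, timeout=30.0, max_msgs=1, ready=None):
    """Collect up to max_msgs UDP datagrams; return a list of (pri, text).

    An empty list after the timeout means nothing reached the socket, which
    points at csyslogd (not running, alert level filter, wrong target) rather
    than at the receiving application.
    """
    received = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))  # fails if the real receiver already holds the port
        sock.settimeout(timeout)
        if ready is not None:
            ready(sock.getsockname()[1])  # report the bound port to the caller
        try:
            while len(received) < max_msgs:
                data, _addr = sock.recvfrom(65535)
                received.append((parse_pri(data), data.decode("utf-8", "replace")))
        except socket.timeout:
            pass
    return received


if __name__ == "__main__":
    msgs = listen()
    if not msgs:
        print("no datagrams within timeout: check ossec-csyslogd -df output")
    for pri, text in msgs:
        print(pri, text)
```

Stop whatever normally listens on port 8089 before running this, since only one process can bind the port; trigger an alert while it waits.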
