On Thu, Feb 23, 2017 at 11:58 AM, David G. Pullman <[email protected]> wrote: > I'm using OSSEC 2.8.3 and the Wazuh ruleset addon, primarily for the pci_dss > tagging. I have the syslog_output configured to forward to localhost to > capture the alerts in syslog (rsyslog on Ubuntu 16.04). The rsyslog > configuration has been amended with the imudp module to listen. > > I'm getting alerts in syslog but the group information, including the > pci_dss tagging from the Wazuh ruleset is not showing up. Am I missing > something in my configuration, or is group not included in the syslog > forwarding? >
Without looking, I'm guessing it isn't included due to the limited amount of space available for the syslog forwarding. > Thanks very much! > > David > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
