Hello All,
I have pointed my Symantec AV logs to our OSSEC server via syslog over port
514. I am seeing the logs come into ELSA, but not as OSSEC alerts. I have
created a custom decoder and parser, and can confirm that it is working:
**Phase 2: Completed decoding.
decoder: 'Symantec'
**Phase 3: Completed filtering (rules).
Rule id: '100006'
Level: '7'
Description: 'Symantec: virus found'
**Alert to be generated.
Do I need to point OSSEC to monitor the incoming syslog so that it can
alert on it? Again, I am seeing the straight syslog coming into ELSA, but
no OSSEC alert appears to be generated.
Thanks
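One check worth running in the situation described above is whether the OSSEC manager is configured to accept remote syslog at all: ossec-logtest reads the decoders and rules directly, so it passes even when no syslog listener exists. The following is an added example, not part of the original post or of OSSEC itself; it parses the <remote> blocks of an ossec.conf and reports whether a syslog listener exists on the expected port and whether the sender's address is covered by an <allowed-ips> entry. The sample configuration and addresses are constructed.

```python
"""Check whether an ossec.conf accepts remote syslog from a given sender.

Added example (not from the ossec-list post or the OSSEC project).
It inspects the <remote> blocks of a manager configuration and reports
whether a <connection>syslog</connection> listener exists on the expected
port and whether the sender's IP is covered by an <allowed-ips> entry.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed ossec.conf fragment (placeholder addresses): one agent
# listener (secure) and one syslog listener restricted to a subnet.
SAMPLE_CONF = """
<ossec_config>
  <remote>
    <connection>secure</connection>
  </remote>
  <remote>
    <connection>syslog</connection>
    <port>514</port>
    <protocol>udp</protocol>
    <allowed-ips>192.0.2.0/24</allowed-ips>
  </remote>
</ossec_config>
"""


def syslog_listeners(conf_text):
    """Return a list of (port, [allowed networks]) for each syslog <remote>."""
    # Real ossec.conf files may contain several <ossec_config> roots,
    # so wrap the text in a single root before parsing.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    listeners = []
    for remote in root.iter("remote"):
        if remote.findtext("connection", "").strip() != "syslog":
            continue
        port = int(remote.findtext("port", "514").strip())  # OSSEC default
        nets = [ipaddress.ip_network(a.text.strip(), strict=False)
                for a in remote.findall("allowed-ips") if a.text]
        listeners.append((port, nets))
    return listeners


def sender_accepted(conf_text, sender_ip, port=514):
    """True if some syslog listener on `port` allows `sender_ip`.

    A listener with no <allowed-ips> is conservatively treated as
    accepting nobody (an assumption made for this check).
    """
    ip = ipaddress.ip_address(sender_ip)
    return any(p == port and any(ip in n for n in nets)
               for p, nets in syslog_listeners(conf_text))
```

If `sender_accepted` returns False for the Symantec server's address, the syslog messages reach the host (hence they appear in ELSA) but ossec-remoted never hands them to the analysis engine, so no alert can be generated regardless of how well the decoder and rule test.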