On Thu, Dec 14, 2017 at 10:48 AM, <[email protected]> wrote: > Hello > > I am also a newbie and would like to know what are the setting's for this in > OSSEC. Can you please post your sample config? >
Which syslog daemon are you using? I imagine it shouldn't be too difficult with the common ones. > Thanks > Chuck > > On Tuesday, October 31, 2017 at 7:21:39 AM UTC-4, dan (ddpbsd) wrote: >> >> On Tue, Oct 17, 2017 at 11:17 AM, Julia Vitoria Cardoso >> <[email protected]> wrote: >> > Hi guys. I am a newbie with OSSEC, trying to use primarily for file >> > integrity check. >> > >> > So, the plan is: Ossec agent on server checks integrity, sends results >> > to >> > Ossec server, that send alerts of checksum change with syslog to my SIEM >> > log >> > server. But this one is listening in TCP port 514. According to docs, >> > the >> > syslog output sends UTP Can i change it? >> > >> >> You can send it to the local syslogd, and use that to forward the >> messages via tcp to the siem. >> >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. > > > ________________________________ > > This email and any files transmitted with it are considered privileged and > confidential unless otherwise explicitly stated otherwise. If you are not > the intended recipient you are notified that disclosing, copying, > distributing or taking any action in reliance on the contents of this > information is strictly prohibited. All email data and contents may be > monitored to ensure that their use is authorized, for management of the > system, to facilitate protection against unauthorized use, and to verify > security procedures, survivability and operational security. Under no > circumstance should the user of this email have an expectation of privacy > for this correspondence. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
