I am experiencing an issue where OSSEC only appears to be forwarding every other alert in the alerts.log file via syslog.
I am testing using Windows DHCP logs where I will delete leases or have new clients obtain a new lease etc. The ms_dhcp_rules.xml file - I've changed to give all rules a level of 1 that previously had '0' and my main ossec.conf is configured to forward all level 1 or above alerts via syslog. If I run a tcpdump on the Syslog Server, I see literally every other log message come through. So if I make 2 new machines get new leases, both alerts show in OSSEC's alerts.log, but only the second one gets forwarded via syslog. No FW's are in the way either. Any ideas what could be causing this? Perhaps I've missed something obvious! Thanks in advance!
