So you are getting some snort logs and not others on the central server,
correct?
What do these logs look like on the client? (a sample of good and bad logs)
David Lang
On Fri, 11 Oct 2013, Mayur Patil wrote:
Date: Fri, 11 Oct 2013 12:07:31 +0530
From: Mayur Patil <[email protected]>
To: David Lang <[email protected]>
Cc: rsyslog-users <[email protected]>
Subject: Re: [rsyslog-users] Wireshark is capturing but rSyslog not logging
Thanks David sir for the reply.
Now I have commented:
1. Sending logs on port 10514 and commented UDP and TCP both
2. Sending logs on port 514 and commented all entries except one UDP
entry i.e. @172.20.54.213.
3. Commented the 86th line.
So as a result of this, I am getting only one entry of logging components,
but I am still not getting "snort" application alert logs.
I am sending netstat output of two machines: http://fpaste.org/45997/
rsyslog client [snort installed system ] : ip 172.20.54.211
rsyslog server : ip 172.20.54.213
I am also attaching modified rsyslog.conf files
rsyslog client : http://fpaste.org/46002/
rsyslog server: http://fpaste.org/46003/
Now what is hindering here?
Please guide,
Thanks !!
--
Cheers,
Mayur
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog