Re: [ossec-list] no output seen from syslog_output
On Friday, March 4, 2016 at 6:43:58 AM UTC-8, dan (ddpbsd) wrote:
>
> On Thu, Mar 3, 2016 at 7:12 PM, Ted Timmons wrote:
> > I can see alerts (in /var/ossec/logs/alerts/alert.log) but they don't appear
> > in syslog, even though I've configured it to be there.
>
> Did you enable csyslogd? I think it's `/var/ossec/bin/ossec-control enable client-syslog`
> Then restart the processes?

That's it. I wasn't even aware of that daemon, and it caused things to work. Thanks.

-ted

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ossec-list] no output seen from syslog_output
Hi. I'm setting up ossec 2.8.1, running on Ubuntu 14.04LTS.

I can see alerts (in /var/ossec/logs/alerts/alert.log) but they don't appear in syslog, even though I've configured it to be there. The following is my current config; I was running it with only the first two config items at first.

    127.0.0.1 json 514 1

To round out the configuration details: rsyslog is configured to accept UDP input:

    module(load="imudp")
    input(type="imudp" port="514" address="127.0.0.1")

I've proven it works with a simple little netcat:

    echo '<14>sourcehost message text' | nc -v -u -w 0 127.0.0.1 514

Here's a sample from alerts.log:

    ** Alert 1457050265.3945: - syslog,sudo
    2016 Mar 04 00:11:05 ip-172-31-12-158->/var/log/auth.log
    Rule: 5402 (level 3) -> 'Successful sudo to ROOT executed'
    User: ubuntu
    Mar 4 00:11:05 ip-172-31-12-158 sudo: ubuntu : TTY=pts/3 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/tail -f /var/ossec/logs/alerts/alerts.log

Dan provided an answer to this in May 2015, subject "Syslog output issue", but it is missing a lot of detail/followup from the user.
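
The fix from this thread turned into a check, added here as an example and not taken from the thread or from OSSEC itself: given an ossec.conf and a process list, it reports a syslog_output block that has no ossec-csyslogd process behind it. The function name check_syslog_output, the element names in the sample config (the tags did not survive in the message above) and the process name ossec-csyslogd are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): flag a <syslog_output> block in
# ossec.conf when the ossec-csyslogd daemon is absent from the process list.
# Usage: check_syslog_output CONF PROCS
#   CONF  = path to ossec.conf
#   PROCS = file with one process name per line (e.g. from `ps -eo comm`)
check_syslog_output() {
    conf=$1; procs=$2
    # Collect server:port from every <syslog_output> block (one element per
    # line assumed; port falls back to 514, the standard syslog UDP port).
    targets=$(awk '
        /<syslog_output>/   { inblk = 1; server = ""; port = "514" }
        inblk && /<server>/ { gsub(/.*<server>|<\/server>.*/, ""); server = $0 }
        inblk && /<port>/   { gsub(/.*<port>|<\/port>.*/, ""); port = $0 }
        /<\/syslog_output>/ {
            if (inblk && server != "") out = out (out ? " " : "") server ":" port
            inblk = 0
        }
        END { print out }' "$conf")
    if [ -z "$targets" ]; then
        echo "not-configured"; return 2
    fi
    if grep -qx 'ossec-csyslogd' "$procs"; then
        echo "ok $targets"; return 0
    fi
    # The situation in this thread: alerts are logged locally, none forwarded.
    echo "daemon-missing $targets"
    return 1
}

# Constructed sample input: element names are assumed, the values are the
# ones quoted in the original message.
demo_dir=$(mktemp -d)
cat > "$demo_dir/ossec.conf" <<'EOF'
<ossec_config>
  <syslog_output>
    <server>127.0.0.1</server>
    <format>json</format>
    <port>514</port>
    <level>1</level>
  </syslog_output>
</ossec_config>
EOF
printf 'ossec-analysisd\nossec-logcollector\n' > "$demo_dir/procs_before"
printf 'ossec-analysisd\nossec-csyslogd\n' > "$demo_dir/procs_after"
check_syslog_output "$demo_dir/ossec.conf" "$demo_dir/procs_before" || true
check_syslog_output "$demo_dir/ossec.conf" "$demo_dir/procs_after"
```

On a live host the second argument can be the saved output of `ps -eo comm`; a daemon-missing result is the state that `/var/ossec/bin/ossec-control enable client-syslog` followed by a restart resolved in this thread.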