Re: [ossec-list] OSSEC syslog server

2020-08-03 Thread dan (ddp)
On Thu, Jul 30, 2020 at 8:43 AM Kyriakos Stavridis wrote:
>
> Hello everyone,
>
> When devices are configured to send remote syslog to OSSEC on port 514 (let's 
> say a security product), are these syslog logs saved somewhere, even if they 
> don't trigger an alert, as any other normal syslog server would do?
>

Not by default, but turning on the log all option might save them to
archives.log.

> The problem I'm trying to solve is that I want to supervise a service that 
> will send logs to OSSEC with remote syslog on port 514 but since they won't 
> trigger any alert and they will not match any decoder, I won't be able to see 
> them anywhere. I want to see them all somehow so I can study their format and 
> write the appropriate decoders and rules to satisfy that firewall's security 
> requirements.
>
> Thanks! :)
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups 
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ossec-list/dae419ac-49c5-4ce0-aed0-896ba07c8a2fo%40googlegroups.com.


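The setup discussed in this thread, as an added example that is not part of the original messages: an `ossec.conf` fragment for the OSSEC server that accepts remote syslog on port 514 and turns on the `<logall>` option, so received events are archived whether or not a decoder or rule matches them. The sender address `192.0.2.10` and the UDP transport are assumptions.

```xml
<ossec_config>
  <global>
    <!-- Archive every received event, not only those that raise an alert -->
    <logall>yes</logall>
  </global>

  <remote>
    <!-- Listen for plain remote syslog rather than OSSEC agent traffic -->
    <connection>syslog</connection>
    <port>514</port>
    <protocol>udp</protocol>
    <!-- Assumed sender address (documentation range); only listed sources are accepted -->
    <allowed-ips>192.0.2.10</allowed-ips>
  </remote>
</ossec_config>
```

With the default install prefix, the archived events appear in `/var/ossec/logs/archives/archives.log` once OSSEC is restarted, and individual lines can be pasted into `/var/ossec/bin/ossec-logtest` while writing decoders and rules. The archive grows with every event received, so `<logall>` is usually switched back off once the log format has been studied.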

[ossec-list] OSSEC syslog server

2020-07-30 Thread Kyriakos Stavridis
Hello everyone,

When devices are configured to send remote syslog to OSSEC on port 514 
(let's say a security product), are these syslog logs saved somewhere, even 
if they don't trigger an alert, as any other normal syslog server would do?

The problem I'm trying to solve is that I want to supervise a service that 
will send logs to OSSEC with remote syslog on port 514 but since they won't 
trigger any alert and they will not match any decoder, I won't be able to 
see them anywhere. I want to see them all somehow so I can study their 
format and write the appropriate decoders and rules to satisfy that 
firewall's security requirements.

Thanks! :)
