It looks like I'm receiving events from the remote syslog host; I just didn't realize that I need to configure e-mail alerts for the remote host as well. So again, all looks good so far. Thanks.

Aaron

Aaron Bliss wrote:
> I added the IP of the remote machine that I want to accept syslogs
> from in the ossec.conf file, and now the ossec server is listening on
> udp 514, however I still don't think that I'm receiving syslogs from
> the remote host. The firewall on the ossec server isn't blocking that
> traffic, and there aren't any network related reasons that would
> prevent the traffic from getting to the ossec server, however ossec
> isn't alerting me on events from the remote host that cause triggers
> on the ossec server. Any ideas on how I can verify that the ossec
> server is receiving the syslogs from the remote host? Thanks.
>
> <remote>
>   <connection>syslog</connection>
>   <allowed-ips>192.168.8.3</allowed-ips>
> </remote>
>
> Aaron Bliss wrote:
>> I figured this out. Thanks.
>>
>> Aaron
>>
>> Aaron Bliss wrote:
>>> Hi everyone,
>>> I'm pretty sure that ossec can do this. Before deploying agents to
>>> other machines, I would first like to get ossec to accept syslogs
>>> from remote machines and just analyze those messages. During the
>>> setup of the ossec server, I chose the option to have it accept
>>> syslog messages, however the box isn't listening on port 514, even
>>> though ossec on the server is working. Here are the remote sections
>>> of the ossec.conf file:
>>> <remote>
>>>   <connection>syslog</connection>
>>> </remote>
>>>
>>> <remote>
>>>   <connection>secure</connection>
>>> </remote>
>>>
>>> Any ideas on this? Thanks.
>>>
>>> Aaron
>>>
>>
>

--
Aaron Bliss
Systems Administrator
SUNY Brockport
(585) 395-2417
