Greetings!

I'm having some difficulty trying to set up a Sonicwall to be monitored by OSSEC. Here's what I've done so far:

1. Set the Sonicwall to send syslog messages to the OSSEC server on port 514.
2. Confirmed with tcpdump that the OSSEC server is in fact receiving the syslog messages.
3. Added the following entry in ossec.conf:

    <remote>
      <connection>syslog</connection>
      <allowed-ips>sonicwall ip address</allowed-ips>
    </remote>

4. Restarted the ossec server.

I found a really old email about setting up a syslog entry, but I wasn't sure if that's still applicable.
http://www.mail-archive.com/ossec-list@googlegroups.com/msg02566.html

I've also read this "Why is OSSEC not seeing PIX syslog messages?" link suggested to others.
http://www.ossec.net/wiki/Know_How:Syslog_Config

Looking in the alerts.log, I don't see any mention of the sonicwall at all.

Any help is appreciated.

Thanks,
Mike Scott