Greetings!

I'm having some difficulty trying to set up a Sonicwall to be monitored by
OSSEC. Here's what I've done so far:
1. Set the Sonicwall to send syslog messages to the OSSEC server on port
514.
2. Confirmed with tcpdump that the OSSEC server is in fact receiving the
syslog messages.
3. Added the following entry in ossec.conf
  <remote>
    <connection>syslog</connection>
    <allowed-ips>sonicwall ip address</allowed-ips>
  </remote>

4. Restarted the OSSEC server.

I found a really old email about setting up a syslog entry, but I wasn't
sure if that's still applicable.
http://www.mail-archive.com/ossec-list@googlegroups.com/msg02566.html

I've also read this "Why is OSSEC not seeing PIX syslog messages?" link
suggested to others.
http://www.ossec.net/wiki/Know_How:Syslog_Config


Looking in the alerts.log, I don't see any mention of the Sonicwall at all.

Any help is appreciated.

Thanks,
Mike Scott
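
An added example, not part of the original post and not OSSEC's own code: a Python check that parses `ossec.conf` and reports whether a sender address is covered by the `allowed-ips` of a syslog `<remote>` block like the one in step 3. The function names, the sample config and its 192.0.2.10 and 10.20.0.0/16 values are constructed; port 514 and UDP are OSSEC's documented defaults for a syslog listener.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample config (not from the post); 192.0.2.10 stands in for the firewall.
SAMPLE_CONF = """
<ossec_config>
  <remote>
    <connection>secure</connection>
  </remote>
</ossec_config>
<ossec_config>
  <remote>
    <connection>syslog</connection>
    <allowed-ips>192.0.2.10</allowed-ips>
    <allowed-ips>10.20.0.0/16</allowed-ips>
  </remote>
</ossec_config>
"""

def syslog_listeners(conf_text):
    """Return one dict per <remote> block whose connection type is syslog."""
    # ossec.conf may hold several <ossec_config> roots, so wrap it before parsing.
    root = ET.fromstring("<wrap>" + conf_text + "</wrap>")
    listeners = []
    for remote in root.iter("remote"):
        if (remote.findtext("connection") or "").strip() != "syslog":
            continue
        nets, bad = [], []
        for el in remote.findall("allowed-ips"):
            value = (el.text or "").strip()
            try:
                nets.append(ipaddress.ip_network(value, strict=False))
            except ValueError:
                bad.append(value)  # placeholder text or a hostname left in the file
        listeners.append({
            "port": int(remote.findtext("port") or 514),                  # default port
            "protocol": (remote.findtext("protocol") or "udp").strip(),   # default protocol
            "allowed": nets,
            "unparsed": bad,
        })
    return listeners

def accepts(conf_text, source_ip):
    """True if some syslog listener's allowed-ips covers source_ip."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net
               for listener in syslog_listeners(conf_text)
               for net in listener["allowed"])
```

Pass the address that tcpdump shows as the packet source to `accepts()`; a non-empty `unparsed` list points at an `allowed-ips` value that is not an address or network.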
