Seriously... Google is your friend, not your enemy... :-)

But it means tcpdump is in a state where it is capturing traffic. If you
don't see anything on screen after that and logs are DEFINITELY being
generated on your ASA, then the ASA isn't sending syslog messages to the IP
of the OSSEC manager.

I think you need to start considering hiring someone with more experience
in this, or looking at providers who you can pay for this kind of service,
because once (if) you get it all going the amount of logs generated will
blow your mind.

On Sat, 14 Feb 2015 13:01 Network Infrastructure <panhatiger...@gmail.com>
wrote:

> When I re-install new ossec manager and I run `tcpdump -i eth0 -nnXxevvvs
> 0 port 2514 and host 192.168.10.1`
>
> It shows this message:
>
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture site
> 65535 byte.
>
> so what does it mean?
>
>
> On Friday, February 6, 2015 at 9:11:33 AM UTC+7, Network Infrastructure
> wrote:
>>
>> I have configured OSSEC to monitor my ASA 5520 but I cannot see anything
>>
>> In ASA 5520, I enable syslog server to send syslog to my OSSEC
>>
>>
>> In OSSEC, in /var/ossec/etc/ossec.conf, I configured:
>>
>> <ossec_config>
>>
>> <remote>
>>   <connection>syslog</connection>
>>   <allowed-ips>IP_OF_CISCO_DEVICE</allowed-ips>
>> </remote>
>> <global>
>>   <logall>yes</logall>
>> </global>
>>
>> </ossec_config>
>>
>> Then I restart ossec services but I cannot see anything.
>>
>>
>> Help me please ...
>>
>  --
>
> ---
> You received this message because you are subscribed to a topic in the
> Google Groups "ossec-list" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ossec-list/BEGKABvtmhA/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

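A check for the situation discussed in this thread, as an added example that is not part of the original messages or OSSEC's own code: it reads the `<remote>` block of an ossec.conf and compares the syslog listener it describes with the port and sender used in a capture. The sample config is constructed from the thread, with 192.168.10.1 assumed to be the ASA; 514/udp are OSSEC's defaults for a syslog listener when `<port>` and `<protocol>` are omitted, and the function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the <remote> block from the thread, with the ASA address
# taken from the tcpdump command (192.168.10.1) in place of the placeholder.
SAMPLE_CONF = """
<ossec_config>
  <remote>
    <connection>syslog</connection>
    <allowed-ips>192.168.10.1</allowed-ips>
  </remote>
  <global>
    <logall>yes</logall>
  </global>
</ossec_config>
"""

def syslog_listeners(conf_text):
    """Return one dict per <remote> block whose connection type is syslog."""
    # ossec.conf may hold several <ossec_config> blocks, so wrap them in one root.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    listeners = []
    for remote in root.iter("remote"):
        if (remote.findtext("connection") or "secure").strip() != "syslog":
            continue
        listeners.append({
            # OSSEC defaults for a syslog listener when the tags are omitted.
            "port": int((remote.findtext("port") or "514").strip()),
            "protocol": (remote.findtext("protocol") or "udp").strip().lower(),
            "allowed": [ipaddress.ip_network(e.text.strip(), strict=False)
                        for e in remote.findall("allowed-ips")],
        })
    return listeners

def check_sender(conf_text, sender_ip, capture_port):
    """Compare a capture port and sender address with the configured listeners."""
    sender = ipaddress.ip_address(sender_ip)
    findings = []
    for l in syslog_listeners(conf_text):
        if capture_port != l["port"]:
            findings.append(f"capture filters port {capture_port}, listener is on {l['protocol']}/{l['port']}")
        if not any(sender in net for net in l["allowed"]):
            findings.append(f"{sender_ip} is not covered by <allowed-ips>")
        # Capture filter that matches what this listener would actually receive.
        findings.append(f"tcpdump -i eth0 -nn {l['protocol']} port {l['port']} and host {sender_ip}")
    return findings

if __name__ == "__main__":
    for line in check_sender(SAMPLE_CONF, "192.168.10.1", 2514):
        print(line)
```

An empty capture on the listener's own port points at the ASA side (logging host, interface, port); packets arriving there with nothing in OSSEC's logs points at `<allowed-ips>` or a local firewall.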