I'm using OSSEC 2.8.3 and the Wazuh ruleset addon, primarily for the pci_dss tagging. I have the syslog_output configured to forward to localhost to capture the alerts in syslog (rsyslog on Ubuntu 16.04). The rsyslog configuration has been amended with the imudp module to listen.
I'm getting alerts in syslog but the group information, including the pci_dss tagging from the Wazuh ruleset is not showing up. Am I missing something in my configuration, or is group not included in the syslog forwarding?
Thanks very much!
David