Hello everyone,

Let's say I have a firewall that I want to configure to send its logs to my OSSEC server.

I know that I can simply configure my firewall to send logs to my OSSEC server's IP and configure the OSSEC server like this:

    <remote>
      <connection>syslog</connection>
      <allowed-ips>{FIREWALL_IP}</allowed-ips>
    </remote>

The thing is that this is an insecure connection and the logs are being sent unencrypted. In OSSEC's documentation it states that there is also the <connection>secure</connection> option that uses authentication and encryption for the logs and receives logs on port 1514.

I set my firewall to send remote logs to the OSSEC server's IP:1514, but I am not seeing the logs in archives.logs. (I checked the traffic on port 1514 and I do indeed receive traffic from the firewall, although it's not logged.)

So I guess that for the whole "secure" thing to work, it needs some kind of authentication, as I stated before. My question is how do I actually configure that? On the firewall, and on the OSSEC server?

Any answers or suggestions are appreciated!