Hello everyone,

When devices are configured to send remote syslog to OSSEC on port 514 (let's say a security product), are these syslog logs saved somewhere, even if they don't trigger an alert, as any other normal syslog server would do?

The problem I'm trying to solve is that I want to supervise a service that will send logs to OSSEC with remote syslog on port 514, but since they won't trigger any alert and they will not match any decoder, I won't be able to see them anywhere. I want to see them all somehow so I can study their format and write the appropriate decoders and rules to satisfy that firewall's security requirements.

Thanks! :)