On Thu, Jul 30, 2020 at 8:43 AM Kyriakos Stavridis <stavridiskyria...@gmail.com> wrote:
>
> Hello everyone,
>
> When devices are configured to send remote syslog to OSSEC on port 514 (let's
> say a security product), are these syslog logs saved somewhere? Even if they
> don't trigger an alert? As any other normal syslog server would do.
>

Not by default, but turning on the log all option might save them to archives.log.

> The problem I'm trying to solve is that I want to supervise a service that
> will send logs to OSSEC with remote syslog on port 514 but since they won't
> trigger any alert and they will not match any decoder, I won't be able to see
> them anywhere. I want to see them all somehow so I can study their format and
> write the appropriate decoders and rules to satisfy that firewall's security
> requirements.
>
> Thanks! :)
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ossec-list/dae419ac-49c5-4ce0-aed0-896ba07c8a2fo%40googlegroups.com.
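
An added example, not part of the original thread: a server-side ossec.conf fragment that enables the log all option mentioned in the reply together with a remote syslog listener on port 514. It assumes a default install under /var/ossec; the sender address 192.0.2.10 is a constructed placeholder.

```xml
<!-- /var/ossec/etc/ossec.conf on the OSSEC server (default install path assumed) -->
<ossec_config>
  <global>
    <!-- Archive every received event in logs/archives/archives.log,
         whether or not a decoder or rule matches it -->
    <logall>yes</logall>
  </global>

  <remote>
    <!-- Accept plain syslog from network devices on UDP 514 -->
    <connection>syslog</connection>
    <port>514</port>
    <protocol>udp</protocol>
    <!-- Constructed address: restrict the listener to the known sender(s) -->
    <allowed-ips>192.0.2.10</allowed-ips>
  </remote>
</ossec_config>
```

After restarting OSSEC, lines collected in /var/ossec/logs/archives/archives.log can be pasted into /var/ossec/bin/ossec-logtest while drafting decoders and rules. The archive grows with every event received, so plan rotation or switch logall off once enough samples are captured.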