[ossec-list] Re: Cannot get Syslog from Cisco Devices
So if I want to get syslog at alert level, What should I do? If you have solution help me please? On Wednesday, March 25, 2015 at 3:17:17 AM UTC+7, Nhen Panha wrote: > > Hello sir! > > Today, I would like to ask you the problem between configuration Ossec and > Cisco devices. > > In cisco router and switch I config: > > logging on > logging host IP_OF_MY_OSSEC_SERVER > logging trap alerts > logging facility local7 > > In the Ossec manager: > > in the file ossec.conf, I add > > > > syslog > IP_OF_CISCO_DEVICE > > > yes > > > > > Then I restart the Ossec services but in the > file /var/ossec/logs/archives/archives.log > I didn't see anything. So help me please > > > Thank with best regard > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Re: Cannot get Syslog from Cisco Devices
2015-03-24 23:31 GMT+02:00 Nhen Panha : > Help me to configure my router with ossec manager > Do you really understand how cisco logging works? logging trap XXX sets the log level of cisco to syslog. http://www.cisco.com/c/en/us/td/docs/ios/netmgmt/command/reference/nm_book/nm_09.html#wp1015177 try logging trap *informational and testa again.* *level alerts almost disables logging, so you don't get much logs to syslog or ossec.* -- Eero -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ossec-list] Re: Cannot get Syslog from Cisco Devices
Help me to configure my router with ossec manager On Wednesday, March 25, 2015 at 3:17:17 AM UTC+7, Nhen Panha wrote: > > Hello sir! > > Today, I would like to ask you the problem between configuration Ossec and > Cisco devices. > > In cisco router and switch I config: > > logging on > logging host IP_OF_MY_OSSEC_SERVER > logging trap alerts > logging facility local7 > > In the Ossec manager: > > in the file ossec.conf, I add > > > > syslog > IP_OF_CISCO_DEVICE > > > yes > > > > > Then I restart the Ossec services but in the > file /var/ossec/logs/archives/archives.log > I didn't see anything. So help me please > > > Thank with best regard > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ossec-list] Re: Cannot get Syslog from Cisco Devices
I use Cisco router On Wednesday, March 25, 2015 at 3:17:17 AM UTC+7, Nhen Panha wrote: > > Hello sir! > > Today, I would like to ask you the problem between configuration Ossec and > Cisco devices. > > In cisco router and switch I config: > > logging on > logging host IP_OF_MY_OSSEC_SERVER > logging trap alerts > logging facility local7 > > In the Ossec manager: > > in the file ossec.conf, I add > > > > syslog > IP_OF_CISCO_DEVICE > > > yes > > > > > Then I restart the Ossec services but in the > file /var/ossec/logs/archives/archives.log > I didn't see anything. So help me please > > > Thank with best regard > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
