Hello,
I am getting the following error logged on the ossec server:
“ossec-remoted(1403): Incorrectly formated message from 'IP ADDRESS'”
I read a couple of other posts on this and followed the suggestions there
(confirmed the correct key, confirmed the IP address in the client.key

This is a question I've been wondering: what logformat value should be
used for a firewall rule, if it isn't syslog? I checked the source in
localfile-config.c and I don't see any value there that indicates this
is possible. The only values I see are: syslog, snort-full,
snort-fast, apache,

Great!
By the way: how does OSSEC differ from prelude-lml?
/Tomas
Daniel Cid wrote:
Hi Tomas,
Sebastien Tricaud sent us a patch to add support for IDMEF on ossec,
so it can communicate with Prelude. If you are interested in alpha
versions, you can try it out at: