Hi, how can I find out if my OSSEC server receives the syslogs from a network device which sends them?
I added the following to my ossec.conf on the server:

<remote>
  <connection>syslog</connection>
  <allowed-ips>(IP address of network device)</allowed-ips>
  <port>(port number)</port>
</remote>

I had a look at http://www.ossec.net/wiki/index.php/Know_How:Syslog_Config and tcpdump shows me that there is incoming traffic from the network device to the server on the specified port. ossec.log says that the remoted has started and allows connections from the IP specified in the ossec.conf. However, it seems like the OSSEC server process doesn't get any remote syslog messages.

Kind regards,
Oscar