Hi,

How can I find out if my OSSEC server receives the syslogs from a network
device which sends them?

I added the following to the ossec.conf of the server:

  <remote>
    <connection>syslog</connection>
    <allowed-ips>(IP address of network device)</allowed-ips>
    <port>(port number)</port>
  </remote>

I had a look at
http://www.ossec.net/wiki/index.php/Know_How:Syslog_Config and tcpdump
shows me that there is incoming traffic from the network device
to the server on the specified port.

ossec.log says that the remoted has started and allows connections from the
IP specified in the ossec.conf.

However, it seems like the OSSEC server process doesn't get any remote syslog
messages.

Kind regards,

Oscar
