3 identical servers --- 2 work, 1 does not. all same OS, built from source.
logtest works on all - so it MUST be something with the config. Going to enable logging and see what I can find. One question - this particular server was configured for logging to DB, but then I decided to not use it so I took the db config out of ossec.conf -- but did NOT rebuilt ossec binaries. Hmm, Perhaps something odd here. Time to enable_all for logging and see... On Dec 16, 1:24 pm, "dan (ddp)" <ddp...@gmail.com> wrote: > Are the log messages being pulled in? (enable log_all, and make sure) > Using ossec-logtest, do the log messages get decoded properly?
