Syslog port = 1514?
1,138 views
Skip to first unread message
Ryan Wendel
May 20, 2015, 5:50:43 PM5/20/15
to ossec...@googlegroups.com
During the install process you're asked:
Looking at netstat I see 1514 but no 514
Am I missing something?
3.5- Do you want to enable remote syslog (port 514 udp)? (y/n) [y]: y
- Remote syslog enabled.
Looking at netstat I see 1514 but no 514
[root@ossec etc]# netstat -ntul
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:43413 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::43885 :::* LISTEN
tcp 0 0 :::111 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::1:631 :::* LISTEN
tcp 0 0 ::1:25 :::* LISTEN
udp 0 0 0.0.0.0:1514 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
udp 0 0 0.0.0.0:37375 0.0.0.0:*
udp 0 0 0.0.0.0:686 0.0.0.0:*
udp 0 0 0.0.0.0:705 0.0.0.0:*
udp 0 0 :::111 :::*
udp 0 0 :::42249 :::*
udp 0 0 :::686 :::*
Am I missing something?
Ryan Wendel
May 20, 2015, 6:39:46 PM5/20/15
to ossec...@googlegroups.com
I see there is a remote section in ossec.conf:
<remote>
<connection>syslog</connection>
<allowed-ips>192.168.0.0/23</allowed-ips>
<local_ip>192.168.0.185</local_ip>
</remote>
Reply all
Reply to author
Forward
0 new messages