Syslog issues

[M Jones]

Hi,

So Ive been trying to send syslog from a syslog server to the manager via the agent log collector but its not alerting at all on any of the logs.

I have checked the agent logs and can see the agent seeing the file but there are no logs after that. Ive put a level 5 alert tested in ossec logtest to verify but still nothing. Im using the local file option with syslog file type bit not sure why its not working. Could permissions of the folder or file have anything todo with it?

Thanks,

[Federico Garcia Cruz]

Hi M Jones,

can you share your local file config?

You can also check if the logs are received by the server setting the logall config and checking the events: logall

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/18deb8e6-e768-44ab-b7ca-e951b91a5891n%40googlegroups.com.

--

Federico Garcia Cruz
Core engineer | federic...@wazuh.com

[M Jones]

Hi federico,

This is from my group config which the agent collecting the syslog file is part of:

<localfile>

<log_format>syslog</log_format>

<location>/var/log/syslogd/192.168.190.4.log</location>

</localfile>

The location was set to /var/log/syslogd/*.log but it doesn't work for some reason. i have now set it to logall so will see if anything shows up.