We use OSSEC in a server/clients relationship. On the OSSEC server we send our logs over to our Splunk Server. I would think that you could do the same thing and send them to logstash/kibana.

    <syslog_output>
      <server>192.168.7.23</server>
      <port>10002</port>
    </syslog_output>

We also send our network devices' logs to rsyslog on the OSSEC server and then let OSSEC parse them as well:

    <localfile>
      <log_format>syslog</log_format>
      <location>/var/log/rsyslog/514.devices.log</location>
    </localfile>

That's from memory, it's been a while since I had to revisit our logic of the time ;)
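As an added example (not part of the original paste), here is a minimal receiver for the port named in `<syslog_output>` that turns each alert into a JSON line a logstash/kibana pipeline could ingest. It assumes OSSEC's default syslog alert layout and UDP delivery; `parse_alert`, `listen`, and the sample hosts and addresses are constructed for illustration.

```python
import json
import re
import socket

# Assumed layout of an OSSEC syslog_output alert in its default format:
#   <PRI>date host ossec: Alert Level: N; Rule: ID - text; Location: loc; [srcip: ..; user: ..;] raw log
ALERT_RE = re.compile(
    r"ossec: Alert Level: (?P<level>\d+); Rule: (?P<rule_id>\d+) - (?P<description>.*?); "
    r"Location: (?P<location>.*?); (?P<rest>.*)",
    re.DOTALL,
)
# Optional decoded fields that can precede the original log line (assumed set).
FIELD_RE = re.compile(r"(srcip|user): ([^;]*); ")

def parse_alert(line):
    """Return a dict for one alert line, or None if the line is not an OSSEC alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    event = {"level": int(m["level"]), "rule_id": int(m["rule_id"]),
             "description": m["description"], "location": m["location"]}
    rest = m["rest"]
    # Peel off "key: value; " pairs until the original log line starts.
    while (f := FIELD_RE.match(rest)) is not None:
        event[f.group(1)] = f.group(2)
        rest = rest[f.end():]
    event["full_log"] = rest.strip()
    return event

def listen(host="0.0.0.0", port=10002):
    """Receive alerts on the UDP port set in <syslog_output> and print JSON lines."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, _ = sock.recvfrom(65535)
            event = parse_alert(data.decode("utf-8", errors="replace"))
            if event is not None:  # drop datagrams that are not OSSEC alerts
                print(json.dumps(event), flush=True)

# Constructed sample datagram, not captured from a real system.
SAMPLE = ("<132>Jul 25 12:17:41 ossec-srv ossec: Alert Level: 3; Rule: 5715 - SSHD authentication "
          "success.; Location: (web01) 192.168.7.50->/var/log/auth.log; srcip: 192.168.7.99; "
          "user: root; Jul 25 12:17:40 web01 sshd[20440]: Accepted password for root from "
          "192.168.7.99 port 49737 ssh2")

if __name__ == "__main__":
    listen()
```

Bind the listener to the interface that faces the OSSEC server rather than `0.0.0.0` where possible, since UDP syslog carries no sender authentication.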