Untitled

a guest, Mar 11th, 2014
We use OSSEC in a server/clients relationship. On the OSSEC server we send our logs over to our Splunk server. I would think that you could do the same thing and send them to logstash/kibana.

  <syslog_output>
    <server>192.168.7.23</server>
    <port>10002</port>
  </syslog_output>

We also send our network devices' logs to rsyslog on the OSSEC server and then let OSSEC parse them as well:

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/rsyslog/514.devices.log</location>
  </localfile>

That's from memory; it's been a while since I had to revisit our logic of the time ;)
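
On the receiving side (Splunk, Logstash, or any other collector), the alerts forwarded by syslog_output arrive as syslog lines that have to be split into fields before they can be searched. The following is an added example, not part of the original paste, that parses one such line into JSON. The field layout is an assumption based on OSSEC's default syslog_output format, the function names are hypothetical, and the sample line is constructed.

```python
import json
import re

# Assumed layout of a default-format OSSEC syslog_output alert (not from the paste):
# <PRI>Mon DD HH:MM:SS host ossec: Alert Level: N; Rule: ID - text; Location: loc; [key: val; ...] raw log
HEADER = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) ossec: "
    r"Alert Level: (?P<level>\d+); Rule: (?P<rule_id>\d+) - (?P<rule>.*?); "
    r"Location: (?P<location>.*?); (?P<rest>.*)$",
    re.DOTALL,
)
# Optional fields OSSEC may emit between Location and the raw log line.
OPTIONAL = re.compile(r"(?P<key>srcip|dstip|user|classification): (?P<val>[^;]*); ")


def parse_alert(line):
    """Return a dict for an OSSEC alert line, or None if the line is something else."""
    m = HEADER.match(line.strip())
    if m is None:
        return None  # count these upstream; a spike can mean a format change or junk traffic
    event = {k: m.group(k) for k in ("ts", "host", "rule", "location")}
    event["level"] = int(m.group("level"))
    event["rule_id"] = int(m.group("rule_id"))
    if m.group("pri") is not None:
        # syslog PRI = facility * 8 + severity
        event["facility"], event["severity"] = divmod(int(m.group("pri")), 8)
    rest = m.group("rest")
    while (opt := OPTIONAL.match(rest)):
        event[opt.group("key")] = opt.group("val").strip()
        rest = rest[opt.end():]
    # The raw log is attacker-influenced text: keep it as one opaque string.
    event["full_log"] = rest
    return event


def to_json_line(event):
    """Serialize as one JSON line; json.dumps escapes control characters in full_log."""
    return json.dumps(event, sort_keys=True)


# Constructed sample alert, not captured from a real system.
SAMPLE = ("<132>Mar 11 14:02:17 ossec-srv ossec: Alert Level: 5; "
          "Rule: 5716 - SSHD authentication failed.; "
          "Location: (web01) 192.168.7.40->/var/log/auth.log; srcip: 203.0.113.9; user: root; "
          "Mar 11 14:02:16 web01 sshd[2211]: Failed password for root from 203.0.113.9 port 51122 ssh2")

if __name__ == "__main__":
    print(to_json_line(parse_alert(SAMPLE)))
```

Lines that do not match return None rather than raising, so a collector can count them separately instead of losing them silently.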