Greylog don't show OSSEC messagrs - no errors=no clue

shadow_user · August 16, 2018, 1:42pm

I install greylog on debian EC2 with OSSEC on it and followed guide as below
https://2code-monte.co.uk/2018/04/02/ossec-logs-into-graylog/

I can see csyslogd working fine
2018/08/16 11:03:26 ossec-csyslogd: INFO: Started (pid: 3621).
2018/08/16 11:03:26 ossec-csyslogd: INFO: Forwarding alerts via syslog to: ‘10.210.10.184:5555’.
2018/08/16 11:32:05 ossec-csyslogd(1225): INFO: SIGNAL [(15)-(Terminated)] Received. Exit Cleaning…

But nothing in inputs on greylog

Local inputs
OSSEC_MASTER
bind_address: 0.0.0.0
locale:
max_message_size: 2097152
port: 5555
recv_buffer_size: 262144
tcp_keepalive: false
timezone: Europe/London
tls_cert_file:
tls_client_auth: disabled
tls_client_auth_cert_file:
tls_enable: false
tls_key_file:
tls_key_password: ********
use_full_names: false
use_null_delimiter: false

PLEASE ADVISE !!!

Thanks

jan · August 16, 2018, 2:02pm

Did you double checked that you have done every step in the guide correct?

shadow_user · August 16, 2018, 2:06pm

I double checked and looks like I didn’t miss any steps also I can’t see any errors which is strange

system · August 30, 2018, 2:06pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Greylog not receiving messages from OSSEC - no errors in logs Graylog Central (peer support)	3	701	September 14, 2018
OSSEC UDP Input works but TCP Input dosen't Graylog Central (peer support)	3	432	September 17, 2018
Syslog TCP SSL input with NGINX reverse proxy Graylog Central (peer support)	4	347	January 4, 2024
Can not receive Cisco logs Graylog Central (peer support)	11	8992	May 8, 2018
No message sources found Graylog Central (peer support)	6	1649	April 5, 2017

Greylog don't show OSSEC messagrs - no errors=no clue

Related Topics