[ossec-list] Re: Configuring OSSEC for PIX

["Daniel Cid" <daniel.cid@xxxxxxxxx>]

Hi Marty,

Our wiki has some information on how to configure the PIX:

http://www.ossec.net/wiki/index.php/Cisco_PIX

To configure ossec, you just need to enable remote syslog and allow
the IP of the PIX to send messages to it. The example bellow
enables remote syslog and allows ip 192.168.2.2 to send messages
to ossec.

 <remote>
   <connection>syslog</connection>
   <allowed-ips>192.168.2.2</allowed-ips>
 </remote>

*Don't forget to restart ossec after changing the config.

*If you already have an entry with "syslog", you just need to
allow the ip of the PIX.

Hope it helps,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 9/7/06, Marty E. Hillman <mehillman@xxxxxxxxxxxx> wrote:
> Would there happen to be a guide somewhere with an overview of
> configuring OSSEC to receive the PIX syslog messages?  It might make it
> easier than my current practice of using Kiwi Syslog Viewer.
>
> This electronic mail (including any attachments) may contain information that
> is privileged, confidential, and/or otherwise protected from disclosure to
> anyone other than its intended recipient(s). Any dissemination or use of this
> electronic email or its contents (including any attachments) by persons other
> than the intended recipient(s) is strictly prohibited. If you have received
> this message in error, please notify us immediately by reply email so that we
> may correct our internal records. Please then delete the original message
> (including any attachments) in its entirety. Thank you.