[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: ossec and splunk

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: ossec and splunk
From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
Date: Mon, 2 Apr 2007 21:26:24 -0300
Cc: lists.canuck.eh@xxxxxxxxx
Content-disposition: inline
Content-transfer-encoding: 7bit
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=b3zhkqpBQ8T5UUis/PujjdbEuikyu92OfXIwnF9Za2mggfpF8LeohTjEU2lOpBJrzBti1b2iFkSLWLy9yauCGpdQHYdgtZhesSAKH+4yD6kfNizx9T2ZCAFWchZR45+eAxsOsW9YcKga+qN1fH9IXV8ntnx06KG7XWxPdIjYufM=


Hi Dale,

On Unix (and any operating system), when a process is listening on a specific
port, no other process is allowed to use it. So, if you have ossec listening on
port 514, splunk is not going to be able to use it. What you can do is disable
remote syslog on ossec, enable your syslog server to receive remote messages
and configure ossec and splunk to read from the files directly.

Hope it helps.

--
Daniel B. Cid
dcid ( at ) ossec.net

On 4/2/07, List Subscriptions <lists.canuck.eh@xxxxxxxxx> wrote:


I'm running both ossec and splunk and want both to have access to
syslog sources but it seems that splunk doesn't have access.  Does
ossec take exclusive use of port 514?

Regards,

Dale

Follow-Ups:
- [ossec-list] Re: ossec and splunk
  - From: Vincent Bernat

References:
- [ossec-list] ossec and splunk
  - From: List Subscriptions

Prev by Date: [ossec-list] Re: Log correlation best practices and white papers
Next by Date: [ossec-list] Authentication of Users using WebUI
Previous by thread: [ossec-list] ossec and splunk
Next by thread: [ossec-list] Re: ossec and splunk
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.