
Problem with receive logs from AlienVault OSSIM

alterego2004

New Life Form
Good day! I have an AlienVault OSSIM v. 5.4.1 sensor. A few days ago, I got this error:

'The system has not
received a log from this asset in more than 24 hours. This may be an
indicator of the asset having connection difficulties with AlienVault or
a disruptive configuration change on the asset. At XXX'

and I don't receive logs from the HIDS clients or logs on the syslog device.
How can I fix this problem?

With regards

Comments

  • edited September 12
    You must do some kind of troubleshooting to find out what prevents the
    agent connection, @alterego2004. That error could be caused by a dozen different
    reasons, and you need to rule some of them out (network connectivity,
    agent configuration, IP NATing, etc.).

    The first step is always OSSEC agent troubleshooting; this link might help:

    When the unexpected happens: FAQ OSSEC 2.8.1 (FAQ 2.7.1)


    alterego2004
  • edited September 13
    Good day, KyleKat! I am looking at my logs in the OSSIM console with
     tail -f /var/ossec/logs/alerts/alerts.log
    and I can see logs being collected in real time from the OSSEC clients.
    I have a problem viewing logs in the OSSIM web console: I go to ANALYSIS->SIEM->REAL-TIME
