secureworks / dcept

A tool for deploying and detecting use of Active Directory honeytokens
https://www.secureworks.com/blog/dcept
GNU General Public License v3.0
498 stars 102 forks

syslog configuration #3

Closed zmarkovic66 closed 8 years ago

zmarkovic66 commented 8 years ago

Hi,

I am trying to configure log event forwarding via syslog to a remote server. I followed your instructions and changed the dcept.cfg file by:

Unfortunately I don't see any syslog message passed to the remote server. I confirmed that by running tcpdump on both servers. Is there anything else that I missed configuring?

The dcept server is running CentOS 7 and rsyslog.

thanks,

jamesscwx commented 8 years ago

Currently, DCEPT only sends syslog messages for two reasons:

You won't see a syslog message unless there's an error or a security event. You can trigger an event by replaying the example.pcap against the DCEPT interface.

tcpreplay -i <dcept-interface> example.pcap   # -i takes the interface DCEPT listens on; the pcap file is a positional argument

The next update will have a startup syslog message or a heartbeat.
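Since DCEPT stays silent until it hits an error or sees a security event, an empty tcpdump does not tell you whether the rsyslog forwarding path or DCEPT is the part that is not working. The following added example (not code from DCEPT or from anyone in this thread) lets you check the path by itself: it builds an RFC 3164 syslog datagram of the kind rsyslog forwards with a `*.* @server:514` rule, sends it over UDP, and parses what arrives on the receiving side. The server address, the port, the `dcept` tag and the sample message are assumptions for illustration.

```python
"""Stand-alone RFC 3164 syslog sender/receiver for checking a UDP forwarding path.

Added example, not code from DCEPT or from this issue thread.  The server
address, port, "dcept" tag and message text used below are assumptions.
"""
import re
import socket
from datetime import datetime
from typing import Optional

# RFC 3164 facility and severity codes; PRI = facility * 8 + severity
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
              "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
              "local0": 16, "local1": 17, "local2": 18, "local3": 19,
              "local4": 20, "local5": 21, "local6": 22, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}


def syslog_pri(facility: str, severity: str) -> int:
    """Compute the <PRI> value, e.g. auth.info -> 4 * 8 + 6 = 38."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def build_rfc3164(facility: str, severity: str, hostname: str, tag: str,
                  msg: str, when: Optional[datetime] = None) -> bytes:
    """Build "<PRI>Mmm dd hh:mm:ss HOST TAG: MSG" as rsyslog would emit it on the wire."""
    when = when or datetime.now()
    # RFC 3164 timestamps space-pad the day of month ("Jan  5"), unlike strftime's %d
    ts = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{syslog_pri(facility, severity)}>{ts} {hostname} {tag}: {msg}".encode("utf-8")


_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$", re.S)


def parse_rfc3164(data: bytes) -> dict:
    """Split a received datagram into PRI fields, host, tag, optional pid and message."""
    m = _LINE.match(data.decode("utf-8", errors="replace"))
    if not m:
        raise ValueError(f"not an RFC 3164 line: {data!r}")
    pri = int(m["pri"])
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI
        raise ValueError(f"PRI {pri} out of range")
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": m["ts"],
            "host": m["host"], "tag": m["tag"],
            "pid": int(m["pid"]) if m["pid"] else None, "msg": m["msg"]}


def send_udp(payload: bytes, server: str, port: int = 514) -> int:
    """Send one datagram the way a '*.* @server:514' rsyslog rule would; returns bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (server, port))


def receive_one(port: int = 514, bind: str = "0.0.0.0", timeout: float = 10.0):
    """Run on the remote host (with rsyslog stopped, or on a spare port) to catch one datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind, port))
        s.settimeout(timeout)
        data, (src, _) = s.recvfrom(65535)
        return src, parse_rfc3164(data)


def loopback_check() -> dict:
    """Self-test: send a constructed message to a receiver on 127.0.0.1 and return the parsed copy."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
        rx.settimeout(5.0)
        port = rx.getsockname()[1]
        send_udp(build_rfc3164("auth", "warning", "dcept-srv", "dcept",
                               "constructed test message"), "127.0.0.1", port)
        data, _ = rx.recvfrom(65535)
    return parse_rfc3164(data)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3 and sys.argv[1] == "recv":
        # on the remote server:  python3 syslog_check.py recv 514
        print(receive_one(port=int(sys.argv[2])))
    elif len(sys.argv) == 3:
        # on the DCEPT host:      python3 syslog_check.py 192.0.2.10 514   (address is an assumption)
        line = build_rfc3164("auth", "warning", socket.gethostname(), "dcept",
                             "constructed test message")
        print(send_udp(line, sys.argv[1], int(sys.argv[2])), "bytes sent")
    else:
        print(loopback_check())
```

Run the `recv` side on the remote server and the send side on the DCEPT host while tcpdump watches both ends. Note that rsyslog's `@server:514` forwards over UDP and `@@server:514` over TCP, so the tcpdump filter has to match the transport (`udp port 514` versus `tcp port 514`) or it will show nothing even when forwarding works. If the constructed datagram arrives but nothing shows up once DCEPT is running, the forwarding path is fine and DCEPT simply has not raised an error or security event yet; replaying the example pcap is the way to produce one.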