Hi Muraleedaran, You cannot browse all windows events from the web interface, you can only view Windows Events that have been triggered by a rule to generate an alert. Take a look in this file on the ossec server: <osse_path>/rules/msauth_rules.xml You could write your own rule to generate alerts for other events. If you wish to browse all events for many hosts you could use Windows Event Collector or use winlogd to send events to a syslog server (which is what we do for PCI DSS) Cheers, Max
From: ossec-list@googlegroups.com [mailto:ossec-l...@googlegroups.com] On Behalf Of Muraleedaran Kanapathy Sent: 08 May 2010 17:07 To: ossec-l...@ossec.net Subject: [ossec-list] ossec for log analysis Dear Sirs We are in the process of installing the OSSEC for the log analyzing purposes for the PCI DSS requirement In windows I have installed the OSSEC agent, but I am unable to see any Windows event logs such Application, System, except for the Security logs ( Including CISCO logs) How can I search these logs via ossec web interface Muraleedaran Kanapathy| Linux/Unix System Engineer - ISS Department Voice +966(1) 2888136 | Fax +966(1) 288-8899 ext 1422 Integrated Networks | Faisaliah Tower | Level 7A | PO Box 53553, Riyadh 11593, KSA | GMT +3 | Email muralee.kanapa...@inet.net.sa<mailto:muralee.kanapa...@inet.net.sa> [cid:image001.jpg@01CAF047.9C138670] Disclaimer: This electronic mail message contains information that (a) is or may be LEGALLY PRIVILEGED, CONFIDENTIAL, ROPRIETARY IN NATURE, OR OTHERWISE PROTECTED BY LAW FROM DISCLOSURE, and (b) is intended only for the use of the Addressee(s) named herein. If you are not the intended recipient, an addressee, or the person responsible for delivering this to an addressee, you are hereby notified that reading, using, copying, or distributing any part of this message is strictly prohibited. If you have received this electronic mail message in error, please contact us immediately and take the steps necessary to delete the message completely from your computer system. Unless explicitly attributed, the opinions expressed in this message do not necessarily represent the official position or opinions of Integrated Networks LLC., whilst all care has been taken, Integrated Networks LLC. disclaims all liability for loss or damage to person or property arising from this message being infected by computer virus or any type of contamination.
<<inline: image001.jpg>>