Will try and update. Thank you.

On Thursday, May 14, 2015 at 7:59:03 AM UTC-7, LostInThe Tubez wrote:
>
> Have you turned on logall
> <https://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.global.html>
> and looked in /var/ossec/logs/archives/archives.log to verify you aren’t
> getting anything from the System and Application logs? It may be that you
> simply aren’t getting any entries from those logs that are triggering
> alerts. This seems unlikely, but in theory possible, depending on how busy
> these servers are and how you have your system audit policy set up.
>
> *From:* ossec...@googlegroups.com [mailto:ossec...@googlegroups.com] *On Behalf Of* Daniel Wagner
> *Sent:* Wednesday, May 13, 2015 7:20 PM
> *To:* ossec...@googlegroups.com
> *Subject:* [ossec-list] Windows Application and System logs
>
> Hello all,
>
> I've installed OSSEC HIDS Agent v2.8 on a few Windows 2008R2 servers and
> Windows 2003 servers and am receiving the Security logs on my OSSEC
> server, but not the Application and System logs.
>
> My config file is the default from the install which has a <localfile>
> entry for all three logs.
>
> The OSSEC agent log shows:
> INFO: Analyzing event log :Application
> INFO: Analyzing event log :Security
> INFO: Analyzing event log :System
>
> Querying 'WinEvtLog: Application' produces no results. Querying
> 'WinEvtLog: Security' shows numerous events from all my servers.
>
> Any ideas on why the Application and System logs are not being processed?
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
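The archives.log check suggested in the thread, as an added example that is not part of the original messages: with logall enabled, this script tallies archived `WinEvtLog` entries per agent and channel and lists which of Application, Security and System never arrived, which separates "the agent is not sending" from "no rule is alerting". The line layout, agent names and addresses in the sample are constructed assumptions; on a real server, pass /var/ossec/logs/archives/archives.log instead of the sample file.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes each archived agent line looks
# like: "<timestamp> (<agent>) <ip>->WinEvtLog WinEvtLog: <Channel>: ..."
# and that agent names contain no spaces.

# count_winevt_channels FILE -> "agent channel count" per pair seen in FILE
count_winevt_channels() {
    awk '
        match($0, /\([^)]+\) /) {
            agent = substr($0, RSTART + 1, RLENGTH - 3)
            if (match($0, /WinEvtLog: [A-Za-z]+:/)) {
                channel = substr($0, RSTART + 11, RLENGTH - 12)
                seen[agent SUBSEP channel]++
            }
        }
        END {
            for (k in seen) { split(k, p, SUBSEP); print p[1], p[2], seen[k] }
        }
    ' "$1" | sort
}

# missing_channels FILE -> "agent channel" for each default channel with no
# archived entries. Agents that sent no WinEvtLog lines at all are not listed.
missing_channels() {
    count_winevt_channels "$1" | awk '
        { agents[$1] = 1; have[$1 SUBSEP $2] = 1 }
        END {
            n = split("Application Security System", want, " ")
            for (a in agents)
                for (i = 1; i <= n; i++) {
                    key = a SUBSEP want[i]
                    if (!(key in have)) print a, want[i]
                }
        }
    ' | sort
}

# Constructed sample lines (hypothetical agents, documentation-range addresses).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
2015 May 14 07:59:03 (win2008-a) 192.0.2.11->WinEvtLog WinEvtLog: Security: AUDIT_SUCCESS(4624): constructed sample line
2015 May 14 07:59:09 (win2008-a) 192.0.2.11->WinEvtLog WinEvtLog: Security: AUDIT_SUCCESS(4634): constructed sample line
2015 May 14 08:00:12 (win2003-b) 192.0.2.12->WinEvtLog WinEvtLog: Security: AUDIT_SUCCESS(538): constructed sample line
2015 May 14 08:01:40 (win2003-b) 192.0.2.12->WinEvtLog WinEvtLog: System: INFORMATION(7036): constructed sample line
EOF

echo "== archived events per agent/channel =="; count_winevt_channels "$SAMPLE"
echo "== channels with nothing archived ==";   missing_channels "$SAMPLE"
```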