Hi, I am using AlienVault OSSIM and would like to be able to read logs from Windows besides Application, Security and System.
I have made the following changes in my configuration files:

    <localfile>
      <location>OAlerts</location>
      <log_format>eventchannel</log_format>
    </localfile>

Logs are being pushed to ossec.log on the server as follows:

    2017 Jun 15 09:23:19 (Host-172-27-5-231) 172.27.5.231->WinEvtLog 2017 Jun 14 11:55:22 WinEvtLog: OAlerts: INFORMATION(300): Microsoft Office 16 Alerts: (no user): no domain: IT-IR.Emtel.Org: Microsoft Outlook Everything in the "Junk E-mail" folder will be permanently deleted. Continue? P1: 300894 P2: 16.0.4534.1001 P3: aldbzP4:
    2017 Jun 15 09:23:19 (Host-172-27-5-231) 172.27.5.231->WinEvtLog 2017 Jun 14 16:59:33 WinEvtLog: OAlerts: INFORMATION(300): Microsoft Office 16 Alerts: (no user): no domain: IT-IR.Emtel.Org: Microsoft Outlook Everything in the "Junk E-mail" folder will be permanently deleted. Continue? P1: 300894 P2: 16.0.4534.1001 P3: aldbzP4:

But these are not being logged on the GUI. I have read on the net that these are informational events and are not being logged. How do I enable those? I would be grateful if you could help and provide me the steps for doing so.

Thanks,
IR