Hi,

I am using AlienVault OSSIM and would like to be able to read logs from
Windows besides application, security and system.

I have made the following changes in my configuration files:

  <localfile>
    <location>OAlerts</location>
    <log_format>eventchannel</log_format>
  </localfile>

Logs are being pushed to ossec.log on the server as follows:
2017 Jun 15 09:23:19 (Host-172-27-5-231) 172.27.5.231->WinEvtLog 2017 Jun 14 11:55:22 WinEvtLog: OAlerts: INFORMATION(300): Microsoft Office 16 Alerts: (no user): no domain: IT-IR.Emtel.Org: Microsoft Outlook Everything in the "Junk E-mail" folder will be permanently deleted.  Continue? P1: 300894 P2: 16.0.4534.1001 P3: aldbzP4:
2017 Jun 15 09:23:19 (Host-172-27-5-231) 172.27.5.231->WinEvtLog 2017 Jun 14 16:59:33 WinEvtLog: OAlerts: INFORMATION(300): Microsoft Office 16 Alerts: (no user): no domain: IT-IR.Emtel.Org: Microsoft Outlook Everything in the "Junk E-mail" folder will be permanently deleted.  Continue? P1: 300894 P2: 16.0.4534.1001 P3: aldbzP4:

But these are not being logged on the GUI.

I have read on the net that these are informational events and are not being
logged. How do I enable those?

I would be grateful if you could help and provide me with the steps to do so.
Thanks,
IR
