On Fri, Jul 7, 2017 at 8:10 AM, Irshad Rahimbux <irshadrahimbu...@gmail.com> wrote: > I have did all the configuration in ms-sccm.cfg [existing file in plugin > folder]. >
That must be an OSSIM thing. Unrelated to OSSEC. > But still dont see anything in alerts.log. > Turn on the logall option, restart the OSSEC processes on the server. Then look through the archives.log for log samples from SCCM > On Saturday, July 1, 2017 at 1:37:04 AM UTC+4, dan (ddpbsd) wrote: >> >> On Thu, Jun 29, 2017 at 1:00 AM, Irshad Rahimbux >> <irshadra...@gmail.com> wrote: >> > Dear Team, >> > >> > I would like to integrate Microsoft SCCM with OSSIM. >> > >> > All configuration has been done in ms-sccm.cfg [which was already >> > available]. >> > >> > Logs are coming to /var/log/alienvault/agent.log but not to >> > /var/ossec/logs/alerts/alerts.log >> > >> > Any idea why and what I am doing wrong? >> > >> >> In SCCM's configuration file, how are you sending the logs to OSSEC? >> >> > kindly advise. >> > >> > Rgds. >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to ossec-list+...@googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.