ain\user, AccessRights={FullAccess}}.
It is also missing the rest of the logs. :\
Thanks!
On Saturday, August 12, 2017 at 1:02:21 UTC+2, dan (ddpbsd) wrote:
>
> On Fri, Aug 11, 2017 at 3:16 PM, Tibor Luth <tibo...@gmail.com
> > wrote:
> > Dear Group!
>
Dear Group!
I've tried to parse MSExchange Management / MSExchange Cmdlet logs from
Windows Event Log from its own log source. I've also enabled the logall option.
Logtest is working. I'm currently getting and parsing the logs but I miss
additional information. Seems like the log is incomplete also
wrote:
>
> try *log instead of *.log
>
> Eero
>
> On 13.2.2017 at 6.19 PM, "Tibor Luth" <tibo...@gmail.com> wrote:
>
>> Thanks.
>> Reading this for the second time I've realized what strftime means. So it can
>> work in most c
to replace the day, month, year, etc. For example, to
> monitor the log C:\Windows\app\log-08-12-15.log, where 08 is the year, 12
> is the month and 15 the day (and it is rolled over every day), do:
>
>
> <localfile>
>   <location>C:\Windows\app\log-%y-%m-%d.log</location>
>   <log_format>syslog</log_format>
> </localfile>
>
> Eero
>
Unfortunately I cannot solve the issue in the subject.
I wrote a few rows in the agent.conf (according to ossec-docs), but got an
error.
<localfile>
  <location>X:\mylogs\*.log</location>
  <log_format>syslog</log_format>
</localfile>
The error is:
"ERROR: Glob error. Invalid pattern..."
If I skip the * wildcard and use a proper
Thanks! I will use Nagios for monitoring, and/or correlate its events with
ossec.log (parse this log itself). And we will see the efficiency.
On Wednesday, February 1, 2017 at 14:22:19 UTC+1, dan (ddpbsd) wrote:
>
> On Wed, Feb 1, 2017 at 7:14 AM, Tibor Luth <tibo...@
7 at 9:14 AM, Tibor Luth <tibo...@gmail.com
> > wrote:
> > Hi all!
> >
> > I have a few datasources sending remote syslog to an OSSIM appliance
> running
> > Rsyslog (udp or tcp/514) and OSSEC server and local agent. First I would
> > like to gener
Hi all!
I have a few datasources sending remote syslog to an OSSIM appliance
running Rsyslog (udp or tcp/514) and OSSEC server and local agent. First I
would like to generate alerts or see in logs if a datasource (ossec-agents
also) lost connection or stopped logging... (eg. misconfiguration