Hi.
I am writing a rule for handling FTP.
When a file is downloaded, it should select a field in the log with the file
name.
Example:
Src IP: 10.20.0.1 ---> srcip
User: username -> user
etc
What should be specified in the for file name?
Jesus, sure let me pull one up of a connect and disconnect for RDP:
CONNECTION TO SERVER VIA RDP FROM REMOTE WORKSTATION: (SANITIZED OF COURSE)
__
OSSEC HIDS Notification.
2016 Aug 12 07:48:23
Received From: (servername) IP.IP.IP.IP->WinEvtLog
Hi,
I forgot it, you have to enable the output to archives.log. So, in the global
section of your ossec.conf add:
<logall>yes</logall>
You will see all the events that OSSEC is receiving in archives.log and the
alerts in alerts.log (only some events generate alerts). It is a good way
to debug what is happening.
Hi,
Would you mind sharing log samples for the rules?
Thanks.
On Thursday, August 11, 2016 at 4:10:25 PM UTC+2, robertsc...@gmail.com
wrote:
>
> Thanks Derek, will give that a go!
>
> On Thursday, August 11, 2016 at 8:56:24 AM UTC-5, Derek Morris wrote:
>>
>> So here is what I have in my
Hi Jesus Linares,
Thank you for responding to my stack :). I've checked
*/var/ossec/logs/archives/archives.log*
and there is nothing in there, I mean there is no character in the log.
I've also reviewed my rules, and there aren't any errors :(.
I've read documents about *Localfile* using