[ossec-list] Integration with MS SCCM

2017-06-28 Thread Irshad Rahimbux
Dear Team, I would like to integrate Microsoft SCCM with OSSIM. All configuration has been done in ms-sccm.cfg [which was already available]. Logs are coming to /var/log/alienvault/agent.log but not to /var/ossec/logs/alerts/alerts.log. Any idea why and what I am doing wrong? Kindly advise.

[ossec-list] OSSEC - windows event

2017-05-30 Thread Irshad Rahimbux
Dear All, I would like to be able to retrieve logs from a Windows machine to my OSSIM. I have done the following changes in ossec.conf on my client: OAlerts eventchannel Microsoft-Windows-WMI-Activity/Operational eventchannel Started the client again. But nothing goes

[ossec-list] Re: OSSEC - windows event

2017-05-31 Thread Irshad Rahimbux
Anyone can provide some help? @Jesus Linares... the link you provided is not helping much. It's for another issue. On Wednesday, May 31, 2017 at 1:07:19 PM UTC+4, Jesus Linares wrote: > > https://groups.google.com/forum/#!topic/ossec-list/wcIE_EcDVxo > > On Tuesday, May 30, 2017 at 4:34:46 PM

[ossec-list] Re: OSSEC - windows event

2017-06-15 Thread Irshad Rahimbux
ere > are no events. > > I hope it helps. > Regards. > > > On Thursday, June 1, 2017 at 6:51:14 AM UTC+2, Irshad Rahimbux wrote: >> >> Anyone can provide some help? @Jesus Linares... the link you provided is >> not helping much. It's for another issue. >

[ossec-list] Re: OSSEC - windows event

2017-06-15 Thread Irshad Rahimbux
The logs are being pushed to archives.log and not ossec.log On Thursday, June 15, 2017 at 11:09:01 AM UTC+4, Irshad Rahimbux wrote: > > > Hi, > > I have done the following changes in my configuration files as follows: > > > OAlerts > eventchannel >

[ossec-list] Logging of informational events on OSSIM

2017-06-15 Thread Irshad Rahimbux
Hi, I am using AlienVault OSSIM and would like to be able to read logs from Windows besides application, security and system. I have done the following changes in my configuration files as follows: OAlerts eventchannel Logs are being pushed to ossec.log on server as follows:

[ossec-list] Re: Logging of informational events on OSSIM

2017-06-15 Thread Irshad Rahimbux
The logs are being pushed to archives.log and not ossec.log On Thursday, June 15, 2017 at 11:06:58 AM UTC+4, Irshad Rahimbux wrote: > > Hi, > > I am using AlienVault OSSIM and would like to be able to read logs from > Windows besides application, security and system.

[ossec-list] Re: OSSEC-LOGTEST yet Alert Generated yet: **Alert to be generated

2017-06-15 Thread Irshad Rahimbux
Hello. This is a very old thread. But I am facing some similar issues. Can you post your rules that you did for that to work? Thanks. On Friday, April 13, 2012 at 10:04:21 PM UTC+4, tomcelica wrote: > > Any Ideas what my next step is? No Alert logged even though rule > tests and seems to