Re: [ossec-list] Simple windows application text file log config?

2016-06-24 Thread Jesus Linares
Hi Tom, first of all, you need a decoder to capture the events. It seems that there is no common part in the logs, so I suggest you add a tag at the beginning of the log. Examples: local_decoder.xml: ^TomTag: tom_decoder updated User '(\S+)' updated by '(\S+)

Re: [ossec-list] Simple windows application text file log config?

2016-06-23 Thread Tom ONeil
On Thursday, June 23, 2016 at 6:01:00 AM UTC-5, dan (ddpbsd) wrote:
> On Wed, Jun 22, 2016 at 9:11 PM, Tom ONeil wrote:
> > Sorry for the slow response, finally slept for a decent length.
> >
> > We are getting everything from the Windows Event logs by

Re: [ossec-list] Simple windows application text file log config?

2016-06-23 Thread dan (ddp)
On Wed, Jun 22, 2016 at 9:11 PM, Tom ONeil wrote:
> Sorry for the slow response, finally slept for a decent length.
>
> We are getting everything from the Windows Event logs by default just fine
> where they should be.
>
> Logall is grabbing everything else into

Re: [ossec-list] Simple windows application text file log config?

2016-06-23 Thread Jesus Linares
Hi Tom, if you need to monitor a file (changes, permissions) you must use syscheck. You *can't* know who made the change. In case you need to generate an alert according to each new line added to a file (event), you

Re: [ossec-list] Simple windows application text file log config?

2016-06-22 Thread Tom ONeil
Sorry for the slow response, finally slept for a decent length. We are getting everything from the Windows Event logs by default just fine where they should be. Logall is grabbing everything else into archives. What I need is the contents of the mentioned text files into, especially

Re: [ossec-list] Simple windows application text file log config?

2016-06-22 Thread dan (ddp)
On Wed, Jun 22, 2016 at 7:42 AM, Tom ONeil wrote:
> Just trying to get a simple configuration to pick up the text log files from
> a Windows 2012R2 server.
> Been over every doc, reinstalled, worked all night and ZIP.
> Blood running in my eyes from smashing forehead on

[ossec-list] Simple windows application text file log config?

2016-06-22 Thread Tom ONeil
Just trying to get a simple configuration to pick up the text log files from a Windows 2012R2 server. Been over every doc, reinstalled, worked all night and ZIP. Blood running in my eyes from smashing forehead on keyboard. I have everything going to logall just to see if it's working but I am