Re: [ossec-list] Windows Eventlogs

2016-10-05 Thread Kumar G
These were creating big log files and additional event alerts while testing, hence we reverted to the eventlog way. Thank you, Victor. On 30 September 2016 at 17:33, Victor Fernandez wrote: > Hi Kumar, > > please ensure that folders "tmp" and "bookmarks" have total permissions

Re: [ossec-list] Windows Eventlogs

2016-09-30 Thread Victor Fernandez
Hi Kumar, please ensure that folders "tmp" and "bookmarks" have total permissions for the "SYSTEM" user and the "Administrators" group. Regarding the usage of Event Channel, it's advisable and almost necessary since if your system has certain Windows monitoring events activated —such events

Re: [ossec-list] Windows Eventlogs

2016-09-27 Thread Kumar G
Hi Victor, It took a while for this data. We did the bookmark deletion and restarted the agent. Still we see the bookmark messages coming in ossec.log and the log file increase is so high. Easily getting about 30 MB in a week and the majority of the logs are these bookmark messages. So is it

[ossec-list] Windows Eventlogs

2016-08-19 Thread Kumar G
Hi Team, Need your help on this. We have a couple of Windows Active Directory machines on which we need to enable the event logs for Application/System/Security. There are more than a million events which are expected from these eventlogs. Was looking in old posts and could see utilizing