[ossec-list] Re: OSSEC exclude IP and prevent alert trigger

2017-05-30 Thread Fredrik Hilmersson
I did end up creating a specific crontab user for remote SSH connections, and here's the way I did exclude it from alerts if anyone else is interested. 5501 USERNAME no_email_alert Ignore rule 5501 for scheduled crontab user Kind regards, Fredrik On Monday, 29 May 2017

[ossec-list] OSSEC - windows event

2017-05-30 Thread Irshad Rahimbux
Dear All, I would like to be able to retrieve logs from a Windows machine to my OSSIM. I have made the following changes in ossec.conf on my client: OAlerts eventchannel Microsoft-Windows-WMI-Activity/Operational eventchannel Started the client again. But nothing goes

[ossec-list] Re: OSSEC - windows event

2017-05-30 Thread Akash Munjal
Hi All, I am also facing the same problem. I am not getting alerts for creation/deletion of files from the Windows agent to my manager (Linux). The agent shows connected and active; the only alerts I get from the agent (win) are agent start/restart/change in ossec.conf (agent). To monitor D:\ drive, I have done the