Hi We have a ossec server 0.9 running with several clients. But the windows agents don't read from the eventlogs. I tried editing the ossec.conf at the windows agent with the path directly to the evnetlog something like:
<localfile>
<log_format>system</log_format>
<location>c:\windows\system32\conf\***.evt</location>
</localfile>
What is wrong did I missed something?
Can I see if something is wrong with the syscheck?
Thanks
Ruurd
