GREAT SOFTWARE
First, thanks for publishing this software. The OSSEC HIDS project looks great so far. It fills a serious need. I do PCI (payment card industry) consulting, and every client needs to have a centralized log server and file integrity solution. The Windows/Unix ability is perfect. This could save people a lot of money and get used.
Also, the installation was really fast.
QUESTION
I really want to get the file integrity working on Windows. I have it configured to do so, but I am not seeing the FIM (file integrity monitoring) alerts on the server. I am getting the Windows event log alerts on the server. I have stopped and started the agent a few times, and I see it reading all the files. I changed some files to trigger an alert, but haven't seen anything.
COMMENTS
I scanned the install docs. FYI, one issue I ran into: the server didn't seem to be set up to accept remote connections by default (good), but adding the <port>1514</port> line to the server's config wasn't mentioned as an install step.
A local alerts log on the Windows agent would be good.
Also, it would be cool if the Windows agent log could somehow log if the alerts aren't getting through to the server.
--
marc
