marc bayerkohler wrote:

> GREAT SOFTWARE
> First, thanks for publishing this software. The OSSEC HIDS project looks
> great so far. It fills a serious need. I do PCI (payment card industry)
> consulting, and every client needs to have a centralized log server and
> file integrity solution. The Windows/Unix ability is perfect. This could
> save people a lot of money and get used.
>
> Also, the installation was really fast.
>
> QUESTION
> I really want to get the file integrity working on Windows. I have it
> configured to do so, but I am not seeing the FIM (file integrity
> monitoring) alerts on the server. I am getting the Windows event log
> alerts on the server. I have stopped and started the agent a few times,
> I see it reading all the files, and I changed some files to trigger an
> alert, but haven't seen anything.

Did you start the ossec service? When I installed my Windows agent, I
noticed that I had to manually start the service (services.msc).

> COMMENTS
> I scanned the install docs. FYI, one issue I ran into: the server didn't
> seem to be set up to accept remote connections by default (good), but
> that wasn't mentioned as an install step to add the <port>1514</port>
> line to the server's config.
>
> A local alerts log on the Windows agent would be good.

I can get this into bugzilla for you. Not a bad feature request. ;-)

> Also, it would be cool if the Windows agent log could somehow log if the
> alerts aren't getting through to the server.

There already is some effort going towards monitoring the agents' status
from the server. I don't know how feasible this would be (I'm not a
developer). The traffic to the server is sent over UDP, so it's kind of
"send and forget". I don't know if there is really any two-way
communication. If there is, this should be relatively trivial to
implement. I'll add it to the bug as well.

> --
> marc

--
gentux
echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
gentux's gpg fingerprint ==> 5495 0388 67FF 0B89 1239 D840 4CF0 39E2 18D3 4A9E
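The two configuration points raised in this thread (the server needing a `<remote>` block with `<port>1514</port>` before it accepts agents, and the agent's `<syscheck>` needing directories before any FIM alert can exist) are easy to check mechanically before chasing the problem elsewhere. The script below is an added example written for this page, not code from OSSEC or from either poster; the sample `ossec.conf` fragments are constructed, and the element names it looks for (`remote`, `connection`, `port`, `protocol`, `client`, `server-ip`, `server-hostname`, `syscheck`, `directories`) are the standard OSSEC ones, while the `_sections` wrapper is an assumption to cope with configs that contain several top-level `<ossec_config>` blocks.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a server ossec.conf with no <remote> block, i.e. the
# "does not accept remote connections by default" state described in the thread.
SERVER_CONF_MISSING_REMOTE = """
<ossec_config>
  <global><email_notification>no</email_notification></global>
</ossec_config>
<ossec_config>
  <syscheck>
    <frequency>7200</frequency>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
  </syscheck>
</ossec_config>
"""

# Constructed sample: the same server after adding the remote/port lines.
SERVER_CONF_OK = """
<ossec_config>
  <remote>
    <connection>secure</connection>
    <port>1514</port>
    <protocol>udp</protocol>
  </remote>
</ossec_config>
"""

# Constructed sample: a Windows agent config that names a server but lists
# no directories, so syscheck has nothing to report even though it runs.
AGENT_CONF_NO_DIRS = """
<ossec_config>
  <client><server-ip>192.0.2.10</server-ip></client>
  <syscheck><frequency>7200</frequency></syscheck>
</ossec_config>
"""

# Constructed sample: agent config that actually monitors something.
AGENT_CONF_OK = """
<ossec_config>
  <client><server-ip>192.0.2.10</server-ip></client>
  <syscheck>
    <frequency>7200</frequency>
    <directories check_all="yes">C:\\Windows\\System32</directories>
  </syscheck>
</ossec_config>
"""


def _sections(conf_text):
    """Return every top-level <ossec_config> element.

    Assumption: a real ossec.conf may hold several <ossec_config> blocks in one
    file, which is not a single well-formed XML document, so wrap them first.
    """
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    return root.findall("ossec_config")


def check_server_conf(conf_text, expected_port=1514):
    """List problems that would stop agents from reaching this server; [] is good."""
    problems = []
    remotes = [r for s in _sections(conf_text) for r in s.findall("remote")]
    secure = [r for r in remotes if (r.findtext("connection") or "").strip() == "secure"]
    if not secure:
        problems.append("no <remote> with <connection>secure</connection>: "
                        "server will not accept agent connections")
        return problems
    # The thread's fix was to add the <port> line explicitly, so require it here.
    ports = {(r.findtext("port") or "").strip() for r in secure}
    if str(expected_port) not in ports:
        problems.append(f"no <port>{expected_port}</port> on the secure remote "
                        f"(found: {sorted(p for p in ports if p) or 'none'})")
    # Agent traffic is UDP as the reply notes; flag anything else for review.
    protos = {(r.findtext("protocol") or "udp").strip().lower() for r in secure}
    if "udp" not in protos:
        problems.append(f"secure remote protocol is {sorted(protos)}, agents send UDP")
    return problems


def check_agent_conf(conf_text):
    """List problems that would leave an agent with no FIM output; [] is good."""
    problems = []
    sections = _sections(conf_text)
    clients = [c for s in sections for c in s.findall("client")]
    has_server = any(c.find("server-ip") is not None or c.find("server-hostname") is not None
                     for c in clients)
    if not has_server:
        problems.append("no <client><server-ip> or <server-hostname>: agent has no server")
    dirs = [d for s in sections for sc in s.findall("syscheck") for d in sc.findall("directories")]
    if not any((d.text or "").strip() for d in dirs):
        problems.append("<syscheck> has no <directories>: FIM has nothing to monitor")
    return problems


if __name__ == "__main__":
    for name, text, fn in [("server (missing remote)", SERVER_CONF_MISSING_REMOTE, check_server_conf),
                           ("server (ok)", SERVER_CONF_OK, check_server_conf),
                           ("agent (no dirs)", AGENT_CONF_NO_DIRS, check_agent_conf),
                           ("agent (ok)", AGENT_CONF_OK, check_agent_conf)]:
        print(name, "->", fn(text) or "OK")
```

Run it against a copy of the real `ossec.conf` from the server and from the agent by reading the file into `conf_text`; an empty list from both checks means the missing-FIM-alerts problem is somewhere other than these two settings (service not started, as the reply suggests, or the UDP path between agent and server).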
