Do you see anything in the /var/ossec/logs/alerts/alerts.log file? Also, by default windows do not log login failures and other useful information. Make sure that you enabled auditing for these events...
Hope it helps. -- Daniel B. Cid dcid ( at ) ossec.net On 8/28/06, |SaMaN| <[EMAIL PROTECTED]> wrote:
Hello, Latest snapshot has fixed my connection problem but I can just get notification emails about syscheck results of clients. I tried multiple logon failures on clients (windows 2000 and windows 2003 servers) but have not got any mails about security, system or application logs. Any ideas? -----Original Message----- From: Daniel Cid [mailto:[EMAIL PROTECTED] Sent: Sunday, August 27, 2006 2:46 AM To: [email protected] Cc: [EMAIL PROTECTED] Subject: Re: [ossec-list] Re: Centos 4.3 64 Bit Server and Windows Agent I can feel your pain :) I always hate when this happen but next version will have a better connection control and more information about these problems. We had some issues with 64 bits machines that Martin fixed some time ago. Can you try the following snapshot on your server? http://www.ossec.net/files/snapshots/ossec-hids-060820.tar.gz Should fix it.. If not, can you give us more information? http://www.ossec.net/en/faq.html#a2.2 Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On 8/26/06, |SaMaN| <[EMAIL PROTECTED]> wrote: > > Also I get notification mails about server but not any of clients that makes > me sick :/ > > -----Original Message----- > From: [email protected] [mailto:[EMAIL PROTECTED] On > Behalf Of |SaMaN| > Sent: Saturday, August 26, 2006 10:14 PM > To: [email protected] > Subject: [ossec-list] Re: Centos 4.3 64 Bit Server and Windows Agent > > > Thanks for replying but there is also nothing in agent-info folder. Maybe > because of SELinux ? > > -----Original Message----- > From: [email protected] [mailto:[EMAIL PROTECTED] On > Behalf Of Marty E. Hillman > Sent: Saturday, August 26, 2006 8:42 PM > To: [email protected] > Subject: [ossec-list] Re: Centos 4.3 64 Bit Server and Windows Agent > > I had this problem on mine My problem was that I needed to allow the IP of > the ossec server to pass email through our spam filters on the email server. > The nature of the headers made them untrusted. > > Hope this helps. > > > -----Original Message----- > From: [email protected] on behalf of |SaMaN| > Sent: Sat 8/26/2006 1:38 AM > To: [EMAIL PROTECTED] > Subject: [ossec-list] Centos 4.3 64 Bit Server and Windows Agent > > Hello, > > > > I have installed latest ossec on both servers and agents. When I run tcpdump > on server I can see communication lines between server and agents after I do > multiple wrong logons on agent but the problem is no logs no emails no > alerts? What is wrong ? > > > >
