Auditing is enabled on all clients. I see only syscheck logs on alerts.log file.
-----Original Message----- From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Cid Sent: Monday, August 28, 2006 10:07 PM To: [email protected] Subject: [ossec-list] Re: Centos 4.3 64 Bit Server and Windows Agent Do you see anything in the /var/ossec/logs/alerts/alerts.log file? Also, by default windows do not log login failures and other useful information. Make sure that you enabled auditing for these events... Hope it helps. -- Daniel B. Cid dcid ( at ) ossec.net On 8/28/06, |SaMaN| <[EMAIL PROTECTED]> wrote: > > Hello, > > Latest snapshot has fixed my connection problem but I can just get > notification emails about syscheck results of clients. I tried multiple > logon failures on clients (windows 2000 and windows 2003 servers) but have > not got any mails about security, system or application logs. Any ideas? > > -----Original Message----- > From: Daniel Cid [mailto:[EMAIL PROTECTED] > Sent: Sunday, August 27, 2006 2:46 AM > To: [email protected] > Cc: [EMAIL PROTECTED] > Subject: Re: [ossec-list] Re: Centos 4.3 64 Bit Server and Windows Agent > > I can feel your pain :) I always hate when this happen but next > version will have > a better connection control and more information about these problems. > > We had some issues with 64 bits machines that Martin fixed some time ago. > Can you try the following snapshot on your server? > > http://www.ossec.net/files/snapshots/ossec-hids-060820.tar.gz > > Should fix it.. If not, can you give us more information? > http://www.ossec.net/en/faq.html#a2.2 > > Thanks, > > -- > Daniel B. Cid > dcid ( at ) ossec.net > > On 8/26/06, |SaMaN| <[EMAIL PROTECTED]> wrote: > > > > Also I get notification mails about server but not any of clients that > makes > > me sick :/ > > > > -----Original Message----- > > From: [email protected] [mailto:[EMAIL PROTECTED] On > > Behalf Of |SaMaN| > > Sent: Saturday, August 26, 2006 10:14 PM > > To: [email protected] > > Subject: [ossec-list] Re: Centos 4.3 64 Bit Server and Windows Agent > > > > > > Thanks for replying but there is also nothing in agent-info folder. Maybe > > because of SELinux ? > > > > -----Original Message----- > > From: [email protected] [mailto:[EMAIL PROTECTED] On > > Behalf Of Marty E. Hillman > > Sent: Saturday, August 26, 2006 8:42 PM > > To: [email protected] > > Subject: [ossec-list] Re: Centos 4.3 64 Bit Server and Windows Agent > > > > I had this problem on mine My problem was that I needed to allow the IP > of > > the ossec server to pass email through our spam filters on the email > server. > > The nature of the headers made them untrusted. > > > > Hope this helps. > > > > > > -----Original Message----- > > From: [email protected] on behalf of |SaMaN| > > Sent: Sat 8/26/2006 1:38 AM > > To: [EMAIL PROTECTED] > > Subject: [ossec-list] Centos 4.3 64 Bit Server and Windows Agent > > > > Hello, > > > > > > > > I have installed latest ossec on both servers and agents. When I run > tcpdump > > on server I can see communication lines between server and agents after I > do > > multiple wrong logons on agent but the problem is no logs no emails no > > alerts? What is wrong ? > > > > > > > > > >
