Hello, I first installed the snort SQL table, then the BASE SQL, then ossec2base.sql, and then in the BASE GUI the alerts are shown as 0.0.0.0 for the source and destination IP addresses. The timestamp is 0000000 too.

Here is the alert detail
---------------------------------
** Alert 1157380688.130944: nomail
2006 Sep 04 17:38:08 localhost -> (SERVER1) 10.100.X.X->WinEvtLog
Rule: 18107 (level 3) -> 'Windows Logon Success.'
Src IP: (0.0.0.0)
User: Xuser
WinEvtLog: Security: AUDIT_SUCCESS(540): Security: Y: X: HIS1: Successful Network Logon:
    User Name: Y
    Domain: X
    Logon ID: (0x0,0x26C63F33)
    Logon Type: 3
    Logon Process: Kerberos
    Authentication Package: Kerberos
    Workstation Name:
    Logon GUID: {a1f68460-18ab-6bcc-73fb-a0b508253e95}
    Caller User Name: -
    Caller Domain: -
    Caller Logon ID: -
    Caller Process ID: -
    Transited Services: -
    Source Network Address: 10.100.X.X

BASE ALERT VIEW
------------------------
ID #     Time                  Triggered Signature
6 - 1    0000-00-00 00:00:00   [local] [snort] 'Windows Logon Success.'

BASE ALERT VIEW
-------------------------
ID         < Signature >                              < Timestamp >         < Source Address >   < Dest. Address >   < Layer 4 Proto >
#0-(6-1)   [local] [snort] 'Windows Logon Success.'   0000-00-00 00:00:00   0.0.0.0              0.0.0.0             IP
