Hello,
I first installed the snort sql table, then the base sql, then ossec2base.sql, and then in the BASE GUI the alerts are shown as 0.0.0.0 for source and destination IP addresses. The timestamp is 0000000 too.
Here is the alert detail:
---------------------------------
** Alert 1157380688.130944: nomail
2006 Sep 04 17:38:08 localhost -> (SERVER1) 10.100.X.X->WinEvtLog
Rule: 18107 (level 3) -> 'Windows Logon Success.'
Src IP: (0.0.0.0 )
User: Xuser
WinEvtLog: Security: AUDIT_SUCCESS(540): Security: Y: X:
HIS1: Successful Network Logon: User Name: Y
Domain: X Logon ID: (0x0,0x26C63F33) Logon Type: 3
Logon Process: Kerberos Authentication Package: Kerberos
Workstation Name: Logon
GUID: {a1f68460-18ab-6bcc-73fb-a0b508253e95} Caller User Name: -
Caller Domain: - Caller Logon ID: - Caller Process ID: -
Transited Services: - Source Network Address: 10.100.X.X
Source Port: 2065
BASE ALERT VIEW
------------------------
ID # Time Triggered Signature
6 - 1 0000-00-00 00:00:00 [local] [snort] 'Windows Logon Success.'
BASE ALERT VIEW
-------------------------
ID < Signature > < Timestamp > < Source Address > < Dest. Address > < Layer 4 Proto >
#0-(6-1) [local] [snort] 'Windows Logon Success.' 0000-00-00 00:00:00 0.0.0.0 0.0.0.0 IP
What version of ossec-hids are you running?
On 9/4/06, |SaMaN| <[EMAIL PROTECTED]> wrote:
