Hello,

While I have the IIS line in the agent config file, after I did SQL injection attacks
against the web server I have not got any alert yet. I have not seen any alerts in
/var/ossec/logs/alerts/alerts.log. I checked the IIS log and I see the attack logs. Is
there anything else to add to the server's config or the agent's config?

from agent's config
----------------------
  
<localfile>
    <location>C:\WINNT/System32/LogFiles/W3SVC1/ex%y%m%d.log</location>
    <log_format>iis</log_format>
</localfile>
