Look at C:\program files\ossec-agent\ossec.log (at the agent) for any
error regarding opening the logs. In addition to that, if you just miss
a page (causing a 400 error code) you should see something in the
server ossec.log ...

Are you getting other alerts from this Windows agent?

Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On 9/7/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Hello,
While I have the IIS line in the agent config file, after I did SQL injection
attacks against the web server I have not got any alert yet. I have not seen any
alerts in /var/ossec/logs/alerts/alerts.log. I checked the IIS log and I see the
attack logs. Is there anything else to add to the server's config or the agent's
config?
from agent's config
----------------------
<localfile>
<location>C:\WINNT/System32/LogFiles/W3SVC1/ex%y%m%d.log</location>
<log_format>iis</log_format>
</localfile>
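
A check for the first suggestion in the reply, as an added example that is not part of the original thread: it expands the date fields in each `<localfile>` `<location>` for a given day and reports whether the host has a readable file at that path. The function names and the four handled date fields (%Y, %y, %m, %d) are assumptions of this example, and the sample config is constructed from the entry quoted above.

```python
import os
import xml.etree.ElementTree as ET
from datetime import date

# Constructed sample: the <localfile> entry from the message above.
SAMPLE_CONF = r"""
<ossec_config>
  <localfile>
    <location>C:\WINNT/System32/LogFiles/W3SVC1/ex%y%m%d.log</location>
    <log_format>iis</log_format>
  </localfile>
</ossec_config>
"""

def expand_date_fields(location, day):
    """Expand %Y, %y, %m and %d only (assumption: no other fields are used)."""
    fields = {"%Y": f"{day.year:04d}", "%y": f"{day.year % 100:02d}",
              "%m": f"{day.month:02d}", "%d": f"{day.day:02d}"}
    for token, value in fields.items():
        location = location.replace(token, value)
    return location

def resolve_localfiles(conf_text, day):
    """Return (log_format, expanded_path) for every <localfile> entry."""
    # Wrap the text so a config with several top-level elements still parses.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    entries = []
    for lf in root.iter("localfile"):
        location = (lf.findtext("location") or "").strip()
        log_format = (lf.findtext("log_format") or "").strip()
        entries.append((log_format, expand_date_fields(location, day)))
    return entries

def check_readable(path):
    """Classify a monitored path as 'ok', 'missing' or 'unreadable'."""
    if not os.path.isfile(path):
        return "missing"
    try:
        with open(path, "rb") as fh:
            fh.read(1)
    except OSError:
        return "unreadable"
    return "ok"

if __name__ == "__main__":
    # Run on the agent host; replace SAMPLE_CONF with the real ossec.conf text.
    for log_format, path in resolve_localfiles(SAMPLE_CONF, date.today()):
        print(f"{log_format:8} {check_readable(path):10} {path}")
```

A `missing` or `unreadable` result for the current day's file points at the monitored path rather than at the server rules.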