Thanks for all the information provided. I already started working on some of them (symantec and lotus notes), but I would like some more information (keep reading)...
- For the Symantec logs: Can you show me one or two entries of a log where a virus was found?
- For the Windows Routing and Remote Access logs: Can you describe what some of the fields in the log mean? In addition to that, where in the filesystem is this log located? I couldn't find much information about it on Google. Any link would be appreciated.
- For Jay: Where are these SpamCop logs located and how often are they changed?

*I posted the provided logs in the wiki. Thanks for the information and suggestions.

-- Daniel B. Cid
dcid ( at ) ossec.net

On 11/6/06, Black CryptoKnight <[EMAIL PROTECTED]> wrote:
Support for Symantec Antivirus Corporate Edition logs would be very cool. A description of their log format is here: http://service1.symantec.com/SUPPORT/ent-security.nsf/0/57757c1d149130b788256c760069f7f7?OpenDocument&seg=en&lg=en&ct=us

I've attached a log sample (with IP addresses and other sensitive information changed).

Black CryptoKnight <[EMAIL PROTECTED]> wrote:

I'd also like to see support for Windows Routing and Remote Access logs. Samples attached for Win2K RRAS dialup (with IP addresses and other sensitive information modified).

Black CryptoKnight <[EMAIL PROTECTED]> wrote:

There are some logfiles I'd love to see OSSEC support for log analysis. I'll post log samples for them in this thread.

I'd love to see support for analysing Lotus Domino http logs. Attached are some log samples for the Lotus Domino Web server (with IP addresses and sensitive info modified).