Hello guys! I'm trying to use the new Windows audit stuff and I'm kind of lost.
I'm following http://ossec.net/wiki/index.php/Know_How:WindowsPolicy and have added:

<rule id="512" level="9" overwrite="yes">
  <if_sid>510</if_sid>
  <match>^Windows Audit</match>
  <description>Windows Audit event.</description>
  <group>rootcheck,</group>
</rule>

but I don't get any alert (email and alert.log), using the default rules (the one about messenger) and custom ones.

Any help would be great!!!

Cheers.
