|
Hi everyone, is it possible to configure the ossec
server to ignore successful Logon Type: 3 events? Thanks for your help. 2007 Nov 27 10:26:24 Rule Id: 18107 level: 3 Location: (test1) 137.21.8.90->WinEvtLog Windows Logon Success.WinEvtLog: Security: AUDIT_SUCCESS(540): Security: IT Support Services: TEST1: TEST1: Successful Network Logon: User Name: IT Support Services Domain: TEST1 Logon ID: (0x0,0xEDD25CB) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: DUMMY107 Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 137.21.8.123 Source Port: 0 Aaron |
- [ossec-list] how to exclude logon type 3 events Aaron Bliss
- [ossec-list] Re: how to exclude logon type 3 events Peter M. Abraham
