Hi, I'm setting up ossec and have discovered that the event ids have change from Windows 2003 Server to Windows 2008 Server. For example the rule "Windows audit log was cleared." has changed from Id 517 to 1102.
Anyone has any experience in this matter? Any suggestion for a solution for this? Regards, Andreas
