Dear Daniel

 

Thanks a lot for the reply.

 

Yes, I have set <logall> to yes, but I am still not getting any
logs in the alerts.

 

For the Cisco and other network devices, can we get the syslog data into
OSSEC?

 

Best regards,

 

Muraleedaran Kanapathy| Linux/Unix System  Engineer -  ISS Department

Voice +966(1) 2888136 | Fax +966(1) 288-8899 ext 1422 
Integrated Networks | Faisaliah Tower | Level 7A | 

PO Box 53553, Riyadh 11593, KSA | GMT +3 | 

Email [email protected]

 

Disclaimer: This electronic mail message contains information that (a)
is or may be LEGALLY PRIVILEGED, CONFIDENTIAL, PROPRIETARY IN NATURE, OR
OTHERWISE PROTECTED BY LAW FROM DISCLOSURE, and (b) is intended only for
the use of the Addressee(s) named herein. If you are not the intended
recipient, an addressee, or the person responsible for delivering this
to an addressee, you are hereby notified that reading, using, copying,
or distributing any part of this message is strictly prohibited. If you
have received this electronic mail message in error, please contact us
immediately and take the steps necessary to delete the message
completely from your computer system. Unless explicitly attributed, the
opinions expressed in this message do not necessarily represent the
official position or opinions of Integrated Networks LLC., whilst all
care has been taken, Integrated Networks LLC. disclaims all liability
for loss or damage to person or property arising from this message being
infected by computer virus or any type of contamination.

 

________________________________

From: [email protected] [mailto:[email protected]]
On Behalf Of Daniel Cid
Sent: Monday, May 10, 2010 4:30 PM
To: [email protected]
Subject: Re: [ossec-list] ossec for log analysis

 

Hi,

OSSEC by default will only generate alerts on events that have potential
security value. Most events from the "System" and "Application" event log
are just informational and OSSEC will not store them.

If you need to have all of them stored, go to your ossec.conf (on the
manager) and set <logall> to "yes". Everything will then be logged in
archives.log.

*You also mentioned Cisco logs. What kind of Cisco logs are those?

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net




On Sat, May 8, 2010 at 1:06 PM, Muraleedaran Kanapathy <[email protected]> wrote:

 

Dear Sirs

 

We are in the process of installing OSSEC for log analysis
purposes for the PCI DSS requirement.

 

On Windows I have installed the OSSEC agent, but I am unable to see any
Windows event logs such as Application and System, except for the Security
logs (including Cisco logs).

 

How can I search these logs via the OSSEC web interface?

 

 

Muraleedaran Kanapathy| Linux/Unix System  Engineer -  ISS Department

Voice +966(1) 2888136 | Fax +966(1) 288-8899 ext 1422 
Integrated Networks | Faisaliah Tower | Level 7A | 

PO Box 53553, Riyadh 11593, KSA | GMT +3 | 

Email [email protected]

 
