Hi Max,

Thanks a lot for the reply.

May I know what you used to collect the logs from the network devices
(routers and switches)?

And OSSEC, did you use it only for file integrity checking? If so, what
syslog and syslog viewer did you implement?

Kindly advise.

 

Muraleedaran Kanapathy | Linux/Unix System Engineer - ISS Department
Voice +966(1) 2888136 | Fax +966(1) 288-8899 ext 1422
Integrated Networks | Faisaliah Tower | Level 7A |
PO Box 53553, Riyadh 11593, KSA | GMT +3 |
Email [email protected]

 

Disclaimer: This electronic mail message contains information that (a)
is or may be LEGALLY PRIVILEGED, CONFIDENTIAL, PROPRIETARY IN NATURE, OR
OTHERWISE PROTECTED BY LAW FROM DISCLOSURE, and (b) is intended only for
the use of the Addressee(s) named herein. If you are not the intended
recipient, an addressee, or the person responsible for delivering this
to an addressee, you are hereby notified that reading, using, copying,
or distributing any part of this message is strictly prohibited. If you
have received this electronic mail message in error, please contact us
immediately and take the steps necessary to delete the message
completely from your computer system. Unless explicitly attributed, the
opinions expressed in this message do not necessarily represent the
official position or opinions of Integrated Networks LLC., whilst all
care has been taken, Integrated Networks LLC. disclaims all liability
for loss or damage to person or property arising from this message being
infected by computer virus or any type of contamination.

 

________________________________

From: [email protected] [mailto:[email protected]]
On Behalf Of Max Williams
Sent: Monday, May 10, 2010 3:57 PM
To: '[email protected]'
Subject: [ossec-list] RE: ossec for log analysis

 

Hi Muraleedaran,

You cannot browse all Windows events from the web interface; you can
only view Windows events that have been triggered by a rule to generate
an alert. Take a look at this file on the OSSEC server:

<ossec_path>/rules/msauth_rules.xml

You could write your own rule to generate alerts for other events.

If you wish to browse all events for many hosts you could use Windows
Event Collector or use winlogd to send events to a syslog server (which
is what we do for PCI DSS).

Cheers,

Max
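As an added worked example (not from Max's reply, and not a rule shipped by the OSSEC project), here are the two pieces his answer points at for the original question about the Application and System logs: the agent-side <localfile> entries that make the Windows agent read those channels at all, and a custom rule in local_rules.xml, chained off rule 18100 in msauth_rules.xml, that turns selected events into alerts so they show up in the web interface. The rule ids (100100, 100101), the alert levels and the Windows event ids chosen (1000, 7034) are illustrative assumptions, not anything from the thread.

```xml
<!-- Added example, not part of the original thread or of OSSEC's shipped
     rule set. Assumed: rule ids 100100/100101 are unused on your server,
     and the event ids below (1000 = Application Error, 7034 = Service
     Control Manager "service terminated unexpectedly") are the events
     you want raised as alerts. Two separate files are shown. -->

<!-- 1. Windows agent, ossec.conf: forward the Application and System
        channels in addition to Security. A channel without a <localfile>
        entry is never read by the agent, so nothing from it can ever
        match a rule. Restart the agent after editing. -->
<ossec_config>
  <localfile>
    <location>Application</location>
    <log_format>eventlog</log_format>
  </localfile>
  <localfile>
    <location>System</location>
    <log_format>eventlog</log_format>
  </localfile>
</ossec_config>

<!-- 2. OSSEC server, <ossec_path>/rules/local_rules.xml: custom rules use
        ids in the 100000 to 109999 range and chain off 18100, the parent
        rule for every Windows event log line in msauth_rules.xml. Only
        rules whose level is at or above the server's log_alert_level
        (default 1) produce an alert; level 0 rules are dropped silently
        and never reach the web UI. -->
<group name="local,windows,">

  <!-- Application log: an application crash. <status> matches the decoded
       event type (ERROR, WARNING, INFORMATION, AUDIT_SUCCESS, ...) and
       <id> the Windows event id, the same fields the msauth rules use. -->
  <rule id="100100" level="7">
    <if_sid>18100</if_sid>
    <status>^ERROR</status>
    <id>^1000$</id>
    <description>Windows Application log: application crash (Event 1000).</description>
    <group>application_error,</group>
  </rule>

  <!-- System log: a service stopped without being asked to. <match> is a
       substring test on the event text after the decoded fields. -->
  <rule id="100101" level="8">
    <if_sid>18100</if_sid>
    <id>^7034$</id>
    <match>terminated unexpectedly</match>
    <description>Windows System log: service terminated unexpectedly (Event 7034).</description>
    <group>service_availability,</group>
  </rule>

</group>
```

Restart the server after adding rules, and check with ossec-logtest (feed it a captured WinEvtLog line) that the new rule fires before relying on it. If the goal is PCI DSS retention of every event rather than alerting on a chosen few, the server-side option `<global><logall>yes</logall></global>` writes every received event to the archives log regardless of rule level; that file is searchable with ordinary tools, but, as Max says, the web interface remains alerts-only.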

 

From: [email protected] [mailto:[email protected]]
On Behalf Of Muraleedaran Kanapathy
Sent: 08 May 2010 17:07
To: [email protected]
Subject: [ossec-list] ossec for log analysis

 

 

Dear Sirs,

We are in the process of installing OSSEC for log analysis for the PCI
DSS requirement.

On Windows I have installed the OSSEC agent, but I am unable to see any
Windows event logs such as Application and System, except for the
Security logs (including Cisco logs).

How can I search these logs via the OSSEC web interface?

 

 


 
