On Thu, 15 Jul 2010 11:46:47 -0400 Tyler Ross <[email protected]> wrote:
> Hello,
> 
> I am wanting to use OSSEC policy monitoring for auditing Windows
> 2003/2008 servers that should be baselined to CIS.  Initially, I am
> trying to verify and monitor Windows Audit policies, specifically
> *Audit Logon Events*.  I have been trying to locate a registry key,
> or something that would allow me to accomplish this.  Would anyone be
> able to help me with how I might be able to accomplish this?  Thank
> you!

Mine did this by default when I installed, rule IDs 18149 and 18107 in
msauth_rules.xml.  It's working for Vista and Win7 at least, not monitoring any 
servers though.

-- 
The Heineken Uncertainty Principle:
        You can never be sure how many beers you had last night.
