You DID restart the agent(s), right? You don't mention doing that explicitly. Just making sure...
--
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of j5-hms
Sent: Wednesday, June 29, 2011 15:19
To: ossec-list
Subject: [ossec-list] Re: Added Zeus Log File but Does Not Alert

Let me say that on the manager side, when I run the ossec-logtest it appears that it's fine with the log format and it decodes it fine:

**Phase 3: Completed filtering (rules).
       Rule id: '31205'
       Level: '8'
       Description: 'Admin authentication failed.'
**Alert to be generated.

So I guess the problem is why the agents don't trigger any alerts to forward to the manager when something gets logged to my Zeus log.
