OK I'm an idiot, that did it. Thank you and sorry at the same time :P.
On Jun 29, 2:34 pm, "Castle, Shane" <[email protected]> wrote: > You DID restart the agent(s), right? You don't mention doing that explicitly. > Just making sure... > > -- > Shane Castle > Data Security Mgr, Boulder County IT > CISSP GSEC GCIH > > > > > > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of j5-hms > Sent: Wednesday, June 29, 2011 15:19 > To: ossec-list > Subject: [ossec-list] Re: Added Zeus Log File but Does Not Alert > > Let me say that on the manager side, when I run the ossec-logtest it > appears that it's fine with the log format and it decodes it fine: > > **Phase 3: Completed filtering (rules). > Rule id: '31205' > Level: '8' > Description: 'Admin authentication failed.' > **Alert to be generated. > > So I guess the problem is why the agents don't trigger any alerts to > forward to the manager when something gets logged to my Zeus log.
