On Tue, Oct 2, 2012 at 11:00 AM, Tom Hangstin <[email protected]> wrote: > Well the agents are on windows 7 machines which I think just monitor win > event log and like I said nothing gets reported to the server. Dose ossec > not detect scans? >
I think you're asking the question. You should be asking yourself "What logs were created by the scan that should be causing alerts?" OSSEC looks at the logs created by the system an its applications, what log entries do you think should have alerted you? Also, scan is such a generic term. By itself it's basically useless. > > On Tue, Oct 2, 2012 at 9:43 AM, dan (ddp) <[email protected]> wrote: >> >> On Tue, Oct 2, 2012 at 10:38 AM, Tom Hangstin <[email protected]> >> wrote: >> > So i have a ossec server up and a few agents out there, but when i scan >> > a >> > agent system with nessus or nmap i dont get any emails or even a blip on >> > the >> > server im using 2.7 b1 and OSWUI. am i doing something wrong? >> >> Maybe, you don't really give us enough information to know. What kinds >> of logs are you seeing that should be triggering alerts? Provide >> samples, maybe we can help you make that happen. > >
