Running 2.6.15 on a RHEL5 server, and the do_not_group is not working the
way I expect. I assume that that is a problem with my expectations, but
just in case...
ossec.conf looks like so:

  <email_alerts>
    <email_to>WINDOWS</email_to>
    <level>5</level>
    <event_location>192.168.42|192.168.43|192.168.44|192.168.45|192.168.46|192.168.52|192.168.53|192.168.21|192.168.19|192.168.17|192.168.17|192.168.18.40|172.25.17.40|</event_location>
    <do_not_group />
  </email_alerts>

but 'Multiple Windows error events' continues to group messages, like so:
Received From: (REMOTEDEV03) 192.168.53.52->WinEvtLog
Rule: 18154 fired (level 10) -> "Multiple Windows error events."
Portion of the log(s):
WinEvtLog: System: ERROR(7001): Service Control Manager: (no user): no
domain: REMOTEDEV03.dev.timboyer.org: The WinHTTP Web Proxy Auto-Discovery
Service service depends on the DHCP Client service which failed to start
because of the following error: %%1058
WinEvtLog: System: ERROR(7001): Service Control Manager: (no user): no
domain: REMOTEDEV03.dev.timboyer.org: The WinHTTP Web Proxy Auto-Discovery
Service service depends on the DHCP Client service which failed to start
because of the following error: %%1058
WinEvtLog: System: ERROR(7001): Service Control Manager: (no user): no
domain: REMOTEDEV03.dev.timboyer.org: The WinHTTP Web Proxy Auto-Discovery
Service service depends on the DHCP Client service which failed to start
because of the following error: %%1058
WinEvtLog: System: ERROR(7001): Service Control Manager: (no user): no
domain: REMOTEDEV03.dev.timboyer.org: The WinHTTP Web Proxy Auto-Discovery
Service service depends on the DHCP Client service which failed to start
because of the following error: %%1058
WinEvtLog: System: ERROR(7001): Service Control Manager: (no user): no
domain: REMOTEDEV03.dev.timboyer.org: The WinHTTP Web Proxy Auto-Discovery
Service service depends on the DHCP Client service which failed to start
because of the following error: %%1058
WinEvtLog: System: ERROR(7001): Service Control Manager: (no user): no
domain: LOCALCON01.timboyer.org: The WinHTTP Web Proxy Auto-Discovery
Service service depends on the DHCP Client service which failed to start
because of the following error: %%1058
WinEvtLog: System: ERROR(7001): Service Control Manager: (no user): no
domain: LOCALCON01.timboyer.org: The WinHTTP Web Proxy Auto-Discovery
Service service depends on the DHCP Client service which failed to start
because of the following error: %%1058
WinEvtLog: System: ERROR(1055): Microsoft-Windows-GroupPolicy: SYSTEM: NT
AUTHORITY: REMOTECON01.timboyer.org: The processing of Group Policy failed.
Windows could not resolve the computer name. This could be caused by one of
more of the following: a) Name Resolution failure on the current domain
controller. b) Active Directory Replication Latency (an account created
on another domain controller has not replicated to the current domain
controller).
I believe this is only happening with the 'Multiple Windows' alert. Is
this a limitation in do_not_group, or is there something I'm doing wrong?
Thanks,
Tim