VNC is installed on my windows machine. I have ossec server installed on a Linux machine with agents installed on my workstations. I need to be alerted when someone remotes to my windows machine using VNC. The alert event ID 1 shows in the application logs. Is there a rule like VNC.xml for ossec? I cannot seem to get this event to trigger. Pease see attached. localrules.xml <!-- VNC Login --> <rule id="100036" level="11"> <id>^1|^2</id> <match>Connection received from</match> <group>syslog,</group> <description>VNC Login</description> </rule> </group> <!--SYSLOG,LOCAL -->
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
<<attachment: vnc.jpg>>
