Hi all,

I've scoured the internet and Google for a solution to this issue, but it seems very few others have run into it. The issue is that I cannot for some reason log any PrintService events by the Event Logger in Windows 7.

I'm running the OSSEC server on Ubuntu, OSSEC HIDS v2.7.1, and connecting to the server with a Windows agent. I have enabled logall on my ossec.conf on the server side, and all of the Application, Security, and System Windows events are pouring through. I have attempted to add in Microsoft-Windows-PrintService/Operational to the event log system, but unfortunately either the OSSEC agent will not start properly (if using %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-PrintService%4Operational), or it will access nothing at all (if using %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-PrintService Operational or %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-PrintService/Operational).

Has anyone been able to overcome this issue? Is there a different or easier way to have Windows audit printing? I would need to see specific information about the file printed, as in who printed it and what file was printed and to what printer, not just that there was a file somewhere that possibly printed.

Thank you in advance,
Michael
