Thanks for the reply. I know that the console is running 2.7 & I believe the agents are 2.8 as I upgraded them shortly after I put the 2.7 ones onto the systems. I'll revert those agents to 2.7 & test a bit, then report back. Thanks kindly!
On Monday, June 9, 2014 10:25:07 AM UTC-4, Michael Starks wrote: > > On 2014-06-09 8:49, Dan Kennedy wrote: > > Good day all. It seems like I'm seeing a very odd issue with regard to > > Windows events coming through to the OSSEC management server. I've set > > this up before without any configuration changes & received all the > > events I wanted from the Windows end point (a Win7 machine), but this > > time around (a Win2k3 Server for testing) it seems to be failing as > > far as what data it returns into the main alerts.log file. Here's a > > sample of one of the events I get: > > I know a change was made to the log format (adding Windows timestamp) > and the decoder (in order to accommodate it), so that's probably the > cause. Do you have a 2.7 instance still around to test that sample? > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
