On Mon, Jun 9, 2014 at 11:01 AM, Dan Kennedy <[email protected]> wrote: > > Thanks for the reply. I know that the console is running 2.7 & I believe > the agents are 2.8 as I upgraded them shortly after I put the 2.7 ones onto > the systems. I'll revert those agents to 2.7 & test a bit, then report > back. Thanks kindly! >
The manager should never be running an older version of OSSEC than the agents. > > On Monday, June 9, 2014 10:25:07 AM UTC-4, Michael Starks wrote: >> >> On 2014-06-09 8:49, Dan Kennedy wrote: >> > Good day all. It seems like I'm seeing a very odd issue with regard to >> > Windows events coming through to the OSSEC management server. I've set >> > this up before without any configuration changes & received all the >> > events I wanted from the Windows end point (a Win7 machine), but this >> > time around (a Win2k3 Server for testing) it seems to be failing as >> > far as what data it returns into the main alerts.log file. Here's a >> > sample of one of the events I get: >> >> I know a change was made to the log format (adding Windows timestamp) >> and the decoder (in order to accommodate it), so that's probably the >> cause. Do you have a 2.7 instance still around to test that sample? > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
