That makes complete sense. Not sure why I opted to update those agents off of 2.7.1 & not have the team whom manage the management server update the management server. For now the agents are reverted so I'll test out the events to see how they are being received now. Thanks!
On Monday, June 9, 2014 11:18:21 AM UTC-4, dan (ddpbsd) wrote: > > On Mon, Jun 9, 2014 at 11:01 AM, Dan Kennedy <[email protected] > <javascript:>> wrote: > > > > Thanks for the reply. I know that the console is running 2.7 & I > believe > > the agents are 2.8 as I upgraded them shortly after I put the 2.7 ones > onto > > the systems. I'll revert those agents to 2.7 & test a bit, then report > > back. Thanks kindly! > > > > The manager should never be running an older version of OSSEC than the > agents. > > > > > On Monday, June 9, 2014 10:25:07 AM UTC-4, Michael Starks wrote: > >> > >> On 2014-06-09 8:49, Dan Kennedy wrote: > >> > Good day all. It seems like I'm seeing a very odd issue with regard > to > >> > Windows events coming through to the OSSEC management server. I've > set > >> > this up before without any configuration changes & received all the > >> > events I wanted from the Windows end point (a Win7 machine), but this > >> > time around (a Win2k3 Server for testing) it seems to be failing as > >> > far as what data it returns into the main alerts.log file. Here's a > >> > sample of one of the events I get: > >> > >> I know a change was made to the log format (adding Windows timestamp) > >> and the decoder (in order to accommodate it), so that's probably the > >> cause. Do you have a 2.7 instance still around to test that sample? > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
