Regardless of the rule ID it triggers, the issue I'm seeing is that manually testing the rule using ossec-logtest tells me "alert to be generated", but in actual testing (causing the event ID from a host with the agent running) no alert or log entry is generated (except rule ID 1002). I know the workstation is sending the correct log since I see rule ID 1002 generate the alert, but the Windows msauth rules are not hit. I am stuck here...
