On Fri, Aug 29, 2014 at 12:16 PM, velvin <[email protected]> wrote: > Regardless of the rule ID it triggers, the issue I'm seeing is that while > manually testing the rule using the ossec-logtest tells me "alert to be > generated" but in actual testing (causing the event ID from a host with > agent running) no alerts or log entry is generated (except rule ID 1002). I > know the workstation is sending the correct log since I see rule ID 1002 > generate the alert but the windows msauth rules are not hit. I am stuck > here.... >
Make sure the OSSEC processes restart after you make changes. Other than that, I cannot reproduce this issue, so I have no clue. > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
