On Mon, Sep 8, 2014 at 8:45 PM, Jay Bittner <[email protected]> wrote:
> Hi guys. My company is currently setting up security per the PCI
> requirements.
>
> What we are doing is logging events on our 'call center' Windows computers,
> which send logs back to our server, which we can check on our Dev computers.
>
> One problem I've noticed in the logs, which isn't very helpful, is that some
> for the event 'Windows Logon Success' (Alert 1410221611), oftentimes it
> puts 'ANONYMOUS LOGON' or 'SYSTEM', instead of the actual user account that
> logged in. But on other alerts, from some of the other computers, it puts
> the actual person's login name (ex. [email protected]). Our employees use
> emails to log in to Windows.
>
> Where and how would I go about re-configuring the setup, so that it shows a
> user's email, 100% of the time, on Login/Logout/Etc Windows events? That's
> the only way those alerts are going to be helpful.
>
> I have some screenshots of the different situations I'm describing.
>

Can you provide working and non-working log samples?

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
