The Windows systems do not have the same commands for looking at users. Your commands for looking at both logged in and last will only work on *nix platforms.

Kat

On Wednesday, April 6, 2016 at 2:38:26 AM UTC-5, Maxim Surdu wrote:
>
> Hi dear community,
>
> I install and configure about 10 agents, and of course I have a lot of
> users. I need to monitor when they are working or drinking coffee.
>
> In ossec_rules.xml I have the following rules:
>
> <rule id="534" level="1">
>   <if_sid>530</if_sid>
>   <match>ossec: output: 'w'</match>
>   <check_diff />
>   <options>alert_by_email</options>
>   <description>List of logged in users. It will not be alerted by default.</description>
> </rule>
>
> <rule id="535" level="1">
>   <if_sid>530</if_sid>
>   <match>ossec: output: 'last -n </match>
>   <check_diff />
>   <options>alert_by_email</options>
>   <description>List of the last logged in users.</description>
> </rule>
>
> I have Linux and Windows machines, but mail is coming from just one
> machine (Linux). How about the rest?
> What did I do wrong?
>
> I appreciate your help, and a lot of respect for developers and community!
