On Thu, Apr 7, 2016 at 3:18 AM, Maxim Surdu <[email protected]> wrote: > ok, who can tell me how about the rest of linux machines? > why is working just for one? >
Are the commands defined in the ossec.conf of each of those machines? Were the processes restarted after the commands were added? Are there any relevant logs in the agents' ossec.log? > > miercuri, 6 aprilie 2016, 23:57:16 UTC+3, Kat a scris: >> >> The windows systems do not have the same commands for looking at users. >> Your commands for looking at both logged in and last, will only work on *nix >> platforms. >> >> Kat >> >> On Wednesday, April 6, 2016 at 2:38:26 AM UTC-5, Maxim Surdu wrote: >>> >>> Hi dear community, >>> >>> i install and configure about 10 agents, and of course i have a lot of >>> users, i need to monitoring when they are working or drink coffee >>> >>> in ossec_rules.xml >>> >>> i have next rules >>> >>> <rule id="534" level="1"> >>> <if_sid>530</if_sid> >>> <match>ossec: output: 'w'</match> >>> <check_diff /> >>> <options>alert_by_email</options> >>> <description>List of logged in users. It will not be alerted by >>> default.</description> >>> </rule> >>> >>> <rule id="535" level="1"> >>> <if_sid>530</if_sid> >>> <match>ossec: output: 'last -n </match> >>> <check_diff /> >>> <options>alert_by_email</options> >>> <description>List of the last logged in users.</description> >>> </rule> >>> >>> i have linux and windows machines but mail is coming just from one >>> machine(linux) how about the rest >>> what i did wrong? >>> >>> i appreciate your help, and a lot of respect for developers and >>> community! >>> >>> >>> > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
