Hi,
Unfortunately, Windows audit (EventLog configuration) does not have a specific
configuration.
If auditing of Windows Firewall events is enabled, all firewall events
(Chrome, Internet Explorer, ping, etc.) are logged. (So we cannot
exclude OSSEC firewall events.)
If auditing of Windows Firewall events is disabled, we cannot detect
network scan, port scan, etc. attacks.
I don't know specific information about UDP, but is there any socket.open()
/ socket.close() functionality?
When the OSSEC service starts, the UDP socket will be opened. When the service
closes, will the UDP socket close? (Like TCP)
And it will solve the infinite recursion log problem.
Best Regards
On Thursday, June 9, 2016 at 12:11:52 UTC+3, Victor Fernandez wrote:
>
> Hi Abdulvehhab.
>
> It makes sense, it falls into an infinite recursion. But it's a bit
> difficult to store some messages and send them to the server, since the
> protocol consists of one datagram per message. Even if the agent stores
> some messages and sends all of them at a time, the firewall would detect
> one delivery per message.
>
> Out of curiosity, what is the EventLog configuration? Maybe it's possible
> to ignore connections towards the OSSEC server.
>
> Best regards.
>
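As an added illustration of the trade-off discussed in this thread (this is not OSSEC code and not from either poster): a collector that drops only the agent's own datagrams to the OSSEC server before forwarding, so those audit events no longer feed the loop, while still running a port-scan heuristic over the remaining Windows Filtering Platform audit events. It assumes the events in question are the "Filtering Platform Connection" audit (5156 permitted, 5157 blocked), an assumed server address of 10.0.0.5, an assumed agent address of 10.0.0.20, and OSSEC's default port 1514/udp.

```python
from collections import defaultdict

# Assumed values (not from the thread): server/agent addresses and the
# default OSSEC remoted port, 1514/udp.
OSSEC_SERVER = "10.0.0.5"
OSSEC_PORT = 1514
AGENT = "10.0.0.20"
UDP, TCP = 17, 6

def evt(eid, direction, proto, src, sport, dst, dport):
    """Simplified Filtering Platform Connection audit record (5156 permitted,
    5157 blocked); the field names are a constructed simplification."""
    return {"id": eid, "direction": direction, "protocol": proto,
            "src": src, "sport": sport, "dst": dst, "dport": dport}

# Constructed sample: three agent datagrams to the server (the events that
# would feed the loop), one browser session, and one host probing 12 ports.
SAMPLE_EVENTS = (
    [evt(5156, "Outbound", UDP, AGENT, 50000 + i, OSSEC_SERVER, OSSEC_PORT)
     for i in range(3)]
    + [evt(5156, "Outbound", TCP, AGENT, 50100, "203.0.113.7", 443)]
    + [evt(5157, "Inbound", TCP, "192.0.2.10", 40000 + p, AGENT, p)
       for p in range(20, 32)]
)

def is_agent_to_server(e, server=OSSEC_SERVER, port=OSSEC_PORT):
    """The agent's own outbound datagram to the OSSEC server: forwarding this
    event would trigger another datagram, hence another audit event."""
    return (e["id"] == 5156 and e["direction"] == "Outbound"
            and e["protocol"] == UDP and e["dst"] == server
            and e["dport"] == port)

def forwardable(events):
    """Everything except the agent's own server traffic is still forwarded."""
    return [e for e in events if not is_agent_to_server(e)]

def port_scan_sources(events, min_ports=10):
    """Remote sources that touched at least min_ports distinct local ports,
    counting blocked (5157) and permitted (5156) inbound connections alike."""
    ports = defaultdict(set)
    for e in events:
        if e["direction"] == "Inbound":
            ports[e["src"]].add(e["dport"])
    return sorted(s for s, p in ports.items() if len(p) >= min_ports)

if __name__ == "__main__":
    kept = forwardable(SAMPLE_EVENTS)
    print(f"forwarding {len(kept)} of {len(SAMPLE_EVENTS)} events")
    print("possible port scans from:", port_scan_sources(kept))
```

The filter keeps the scan evidence (inbound events) intact; only the agent's own outbound datagrams to the server are suppressed.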