The logs are being pushed to archives.log and not ossec.log

On Thursday, June 15, 2017 at 11:09:01 AM UTC+4, Irshad Rahimbux wrote:
>
>
> Hi,
>
> I have made the following changes in my configuration files:
>
>   <localfile>
>     <location>OAlerts</location>
>     <log_format>eventchannel</log_format>
>   </localfile>
>
> Logs are being pushed to ossec.log on the server as follows:
> 2017 Jun 15 09:23:19 (Host-172-27-5-231) 172.27.5.231->WinEvtLog 2017 Jun 
> 14 11:55:22 WinEvtLog: OAlerts: INFORMATION(300): Microsoft Office 16 
> Alerts: (no user): no domain: IT-IR.Emtel.Org <http://it-ir.emtel.org/>: 
> Microsoft Outlook Everything in the "Junk E-mail" folder will be 
> permanently deleted.  Continue? P1: 300894 P2: 16.0.4534.1001 P3: aldbzP4:
> 2017 Jun 15 09:23:19 (Host-172-27-5-231) 172.27.5.231->WinEvtLog 2017 Jun 
> 14 16:59:33 WinEvtLog: OAlerts: INFORMATION(300): Microsoft Office 16 
> Alerts: (no user): no domain: IT-IR.Emtel.Org <http://it-ir.emtel.org/>: 
> Microsoft Outlook Everything in the "Junk E-mail" folder will be 
> permanently deleted.  Continue? P1: 300894 P2: 16.0.4534.1001 P3: aldbzP4:
>
> But these are not being logged on the GUI.
>
> I have read on the net that these are informational events and are not being 
> logged. How do I enable those?
>
> I would be grateful if you could help and provide me with the steps to do so.
> Thanks
>
> On Thursday, June 1, 2017 at 1:04:41 PM UTC+4, Jesus Linares wrote:
>>
>> Hi Irshad,
>>
>> Sorry, I thought it was the same problem as Akash's.
>>
>> I would like to be able to retrieve logs from windows machine to my OSSIM
>>
>>
>> Do you mean OSSEC, right?
>>
>> Review the ossec.log of your agent. Maybe the location is wrong or there 
>> are no events.
>>
>> I hope it helps.
>> Regards.
>>
>>
>> On Thursday, June 1, 2017 at 6:51:14 AM UTC+2, Irshad Rahimbux wrote:
>>>
>>> Can anyone provide some help? @Jesus Linares... the link you provided 
>>> is not helping much. It's for another issue.
>>>
>>> On Wednesday, May 31, 2017 at 1:07:19 PM UTC+4, Jesus Linares wrote:
>>>>
>>>> https://groups.google.com/forum/#!topic/ossec-list/wcIE_EcDVxo
>>>>
>>>> On Tuesday, May 30, 2017 at 4:34:46 PM UTC+2, Akash Munjal wrote:
>>>>>
>>>>>
>>>>> Hi All,
>>>>>
>>>>> I am also facing the same problem. I am not getting alerts for 
>>>>> creation/deletion of files from the Windows agent 
>>>>> on my manager (Linux). The agent shows connected and active; the only 
>>>>> alerts I get from the agent (Windows) are agent start/restart/change in ossec.conf (agent).
>>>>> To monitor the D:\ drive, I have made the following changes in ossec.conf 
>>>>> on the manager:
>>>>>
>>>>>  <directories report_changes="yes" realtime="yes" 
>>>>> check_all="yes">C:.,D:.</directories>
>>>>>
>>>>> But I don't get any alerts on my manager.
>>>>>
>>>>> Can you please help me out?
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>>
