Hello all, I'm playing around with OSSEC, trying to figure it out. I have a Windows 2008 server with the OSSEC agent installed and a Linux server collecting logs. I enabled the logall option to dump the logs. My understanding is that when I have that enabled, all the logs collected from Applications, Security and System in the Win Event viewer have to be there in the OSSEC server. For the fun of it I was going through the Windows event viewer and OSSEC server log dumps and saw some logs were missing in the OSSEC server dumps. As an example, logs with Event ID 900, 902, 1003, 1005 were not there in the OSSEC server log file. Could this be possible? The server isn't under load. Am I missing something?
Any help and suggestions would be appreciated.
