On Mon, Dec 10, 2018 at 2:13 PM Joe Shey <[email protected]> wrote:
> http://www.icmc.usp.br/~mcmonard/public/laptec2002.pdf
>
> On Sun, Dec 9, 2018 at 7:20 PM Joe Shey <[email protected]> wrote:
>
>> Hello all,
>>
>> I'm playing around with OSSEC trying to figure it out. I have a Windows
>> 2008 server with OSSEC agent installed and a Linux server collecting logs.
>> I enabled the logall option to dump the logs. My understanding is when I
>> have that enabled all the logs collected from Applications, Security and
>> System in the Win Event viewer have to be there in OSSEC server. For the fun
>> of it I was going through Windows event viewer and OSSEC server log dumps
>> and saw some logs were missing in the OSSEC server dumps. As an example
>> logs with Event ID 900, 902, 1003, 1005 were not there in the ossec server
>> log file. Could this be possible? Server isn't under load. Am I missing
>> something?
>>
>> Any help and suggestions would be appreciated.
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
>>
10.12.2018_01.csv
Description: Binary data
