[ossec-list] Re: OSSEC IDS on Windows only sending Error logs

2017-03-07 Thread Ed Davison
Thanks; I will look into that and see what the logs show.

On Tuesday, March 7, 2017 at 4:30:09 AM UTC-6, InfoSec wrote:
> To gain visibility into what is going on at the agent side, turn on debug
> mode on the agent.
>
> In C:\Program Files (x86)\ossec-agent\internal_options.conf change:

Re: [ossec-list] Re: Windows Defender Decoder ?

2017-03-03 Thread Ed Davison
On Wednesday, March 1, 2017 at 7:31:58 PM UTC-6, dan (ddpbsd) wrote:
> On Wed, Mar 1, 2017 at 6:40 PM, Ed Davison <edav...@gmail.com> wrote:
> > It would be great to see the decoder entries that go with these rules ... I
> > know this is an older post

[ossec-list] Re: Windows Defender Decoder ?

2017-03-01 Thread Ed Davison
It would be great to see the decoder entries that go with these rules ... I know this is an older post but maybe you are still around and can share the decoder and maybe the plugin as well?

On Monday, May 16, 2016 at 4:22:08 PM UTC-5, Brent Morris wrote:
> Rob - can you post your OSSEC

[ossec-list] OSSEC IDS on Windows only sending Error logs

2017-03-01 Thread Ed Davison
I have OSSEC 2.8.3 installed on a Windows 2012R2 server and have added an eventchannel localfile option to gather logs from "Microsoft-Windows-Backup" log. No errors on startup. On the OSSIM side, I have logall enabled and am checking alerts.log file and can ONLY see Error logs being