Hello. This is a very old thread. But I am facing some similar issues.
Can you post your rules that you did for that to work?
Thanks.
On Friday, April 13, 2012 at 10:04:21 PM UTC+4, tomcelica wrote:
>
> Any Ideas what my next step is? No Alert logged even though rule
> tests and seems to
Do you have any idea why the event isn't generating an alert?
This record only appears in the ossec/logs/archives/archive.log
Nowhere else.
On Apr 13, 11:04 am, santa rocks tbar...@gmail.com wrote:
Any Ideas what my next step is? No Alert logged even though rule
tests and seems to work.
OH
So... I need to trim this from my rule:
The 2012 Apr 13 09:27:29 (E420S-1546) 172.17.3.0-WinEvtLog
On Apr 13, 11:12 am, dan (ddp) ddp...@gmail.com wrote:
The log message is:
WinEvtLog: OAlerts: INFORMATION(300): Microsoft Office 14 Alerts: (no
user): no domain: