[ossec-list] Re: Can OSSEC log all process the user open in Microsoft Windows?

2015-03-31 Thread Nhen Panha
Sorry sir! My skill is Cisco configuration. I don't know how to configure Windows to track the information. Could you help me please? On Sunday, March 29, 2015 at 6:22:01 PM UTC+7, Nhen Panha wrote: Hi sir! Last week I have installed OSSEC to monitor my Windows Server and Windows 8.1. I

Re: [ossec-list] false positive when netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort because of Recv-Q

2015-03-31 Thread Philipp Hoferichter
Hi, any news about this topic? I also have the need to disable the netstat part (preferably disabling it on the management server globally). Is this possible? Best regards, Philipp On Tuesday, January 13, 2015 at 1:43:21 PM UTC+1, Yaniv Ron wrote: How can I import the agents without this

[ossec-list] Re: send eventlog to ossec

2015-03-31 Thread SoulAuctioneer
I created an issue to investigate this further: https://github.com/ossec/ossec-hids/issues/568 From what you have shown it looks like it should work according to the examples given in the documentation. I'll have to dig deeper to understand more.

Re: [ossec-list] Re: Can OSSEC log all process the user open in Microsoft Windows?

2015-03-31 Thread Eero Volotinen
How about reading the documentation? Eero On 31.3.2015 at 6.17 pm, Nhen Panha panhan...@gmail.com wrote: Sorry sir! My skill is Cisco configuration. I don't know how to configure Windows to track the information. Could you help me please? On Sunday, March 29, 2015 at 6:22:01 PM UTC+7, Nhen

Re: [ossec-list] false positive when netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort because of Recv-Q

2015-03-31 Thread dan (ddp)
On Tue, Mar 31, 2015 at 9:59 AM, Philipp Hoferichter phi...@gmx.de wrote: Hi, any news about this topic? I also have the need to disable the netstat part (preferably disabling it on the management server globally). Is this possible? I haven't seen anything in github (commits, pull requests, or

[ossec-list] Re: Can OSSEC log all process the user open in Microsoft Windows?

2015-03-31 Thread Janis Zoldners
Starting point - Windows 8 and Windows Server 2012 Security Event Details: http://www.microsoft.com/en-us/download/details.aspx?id=35753 For example, Windows process tracking: 1) Enable Advanced Audit Policy Configuration - Detailed Tracking - Audit Process Creation (Success) 2) Create test

[ossec-list] Re: send eventlog to ossec

2015-03-31 Thread SoulAuctioneer
I confirmed in the code that the query is getting passed to EvtSubscribe() and an error should get generated and show in the logs if the query is malformed in any way. There have been a large number of changes to the eventchannel code in 2.9, which is still beta. Let me find a download link for

[ossec-list] Re: Please help with CDB lists....

2015-03-31 Thread DefensiveDepth
1) Confirm that you have the list referenced in ossec.conf, i.e. <list>lists/psexec</list> 2) Create the cdb file with no extension, i.e. vi /var/ossec/lists/psexec 3) Run: /var/ossec/bin/ossec-makelists, it should create a file named psexec.cdb in the lists folder MaWhen doing my first CDB list a

[ossec-list] Please help with CDB lists....

2015-03-31 Thread Brent Morris
Raw Log... 2015 Mar 31 11:37:27 WinEvtLog: System: INFORMATION(1): Sysmon: Username: SYSTEM-NAME: SYSTEM-NAME: Process Create: UtcTime: 3/31/2015 06:37:27.465 PM ProcessGuid: {7531FA7E-E967-551A--0010D2A58706} ProcessId: 5868 Image: C:\Folder\Folder\file.exe

[ossec-list] Re: send eventlog to ossec

2015-03-31 Thread zen . xen3
Hello, maybe it will be a small hint on how to resolve my problem. I am still sitting on this problem. I noticed that when the agent ossec.conf contains <localfile> <location>Security</location> <log_format>eventlog</log_format> </localfile> all events are sent to the ossec server; when I change
