I have a Windows client that I want to generate an alert when a certain
file is deleted. I have enabled the Audit File System local group policy. I
have modified the audit policy for that file so that
an event is generated in the Security Event Viewer. My ossec.conf file
contains:
<localfile>
<location>Security</location>
<log_format>eventlog</log_format>
</localfile>
which I thought would cause the event to be logged into the ossec.log
file and sent to the server. I can see the audit success in the Security
Event viewer but I do not see it
in either the ossec.log or the server. Is there a place that I can see
this alert either outgoing from the PC or incoming to the server? Shouldn't
all entries into the security event viewer
show up at the server? What am I doing wrong.
Thanks,
Doug
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
