Hello,
maybe it will be a small hint how to resolve my problem, I still sitting on
this problem,
I noticed that when in the agent ossec.conf is
<localfile>
<location>Security</location>
<log_format>*eventlog*</log_format>
</localfile>
all events are sent to ossec server, when I change eventlog with
eventchannel
<localfile>
<location>Security</location>
<log_format>*eventchannel*</log_format>
</localfile>
nothing is sent, it looks like agent doesn't know what to do.
Besides I found small error in the entry
<query>Event/*System*[EventID=4625]</query>
I changed that for
<query>Event/*Security*[EventID=4625]</query>
but it also didn't help too much.
regards,
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
