On Wed, May 13, 2015 at 10:20 PM, Daniel Wagner <masq24...@gmail.com> wrote:
> Hello all,
>
> I've installed OSSEC HIDS Agent v2.8 on a few Windows 2008R2 servers and
> Windows 2003 servers and am receiving the Security logs on my OSSEC
> server, but not the Application and System logs.
>
> My config file is the default from the install which has a <localfile>
> entry for all three logs.
>
> The OSSEC agent log shows:
> INFO: Analyzing event log :Application
> INFO: Analyzing event log :Security
> INFO: Analyzing event log :System
>
> Querying 'WinEvtLog: Application' produces no results. Querying
> 'WinEvtLog: Security' shows numerous events from all my servers.
>
> Any ideas on why the Application and System logs are not being processed?
>
Are you using the eventlog or eventchannel log format? eventchannel might
produce better results (although I don't know for sure, and can't test it).

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.