If you have not done it already, try enabling "logall" option in the ossec manager configuration file (global section). Then check your /var/ossec/logs/archives/archives.log and see if those are getting there.
If that is the case, then agent is forwarding the logs but they are just not triggering alerts. If events don't get there, there might be some configuration issue on the agent side (you could try enabling debug for the agent in internal_options.conf) Best On Wed, Jan 27, 2016 at 5:04 AM, Fayax <fa...@fayax.net> wrote: > I have enabled audit os MSSQL Server 2014 and audit logs are sent to > Windows Application Log. > I can see the audit logs from event viewer. But I'm unable to see the > audit logs from OSSEC server. > OSSEC agent is configured to analyze Application event log. > > Any help would be greatly appreciated. > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
