Hello.
I installed ossec-wazuh with Kibana on a Linux server.
I want to monitor the Windows event log from 2 Active Directory servers.
I have configured agents on the Linux server for these servers and installed the OSSEC agent
on the Windows servers.
The agent configuration on Windows is:
<ossec_config>
  <client>
    <server-ip>192.168.12.14</server-ip>
  </client>
</ossec_config>
<localfile>
  <location>Application</location>
  <log_format>eventlog</log_format>
</localfile>
<localfile>
  <location>Security</location>
  <log_format>eventlog</log_format>
</localfile>
<localfile>
  <location>System</location>
  <log_format>eventlog</log_format>
</localfile>
I receive this log in Kibana:
{\"rule\":{\"level\":3,\"comment\":\"Windows User
Logoff.\",\"sidid\":18149,\"firedtimes\":1,\"groups\":[\"windows\"],\"PCI_DSS\":[\"10.2.5\"]},\"dstuser\":\"Administrador\",\"full_log\":\"2016
Jun 07 10:33:48 WinEvtLog: Security: AUDIT_SUCCESS(551): Security:
Administrador: PC-XP: PC-XP: Cierre de sesi\xF3n iniciada por el usuario:
Nombre usuario: Administrador Dominio: DOM.local Id. de inicio
de sesi\xF3n: (0x0,0xb73d9)
\",\"id\":\"551\",\"status\":\"AUDIT_SUCCESS\",\"data\":\"Security\",\"systemname\":\"PC-XP\",\"decoder\":{\"name\":\"windows\"},\"hostname\":\"agent01\",\"agentip\":\"any\",\"timestamp\":\"2016
Jun 07 10:33:51\",\"location\":\"WinEvtLog\"}
Please, how can I add a dashboard in the Kibana graphical interface
for event log monitoring?