On Wed, Oct 19, 2016 at 5:00 PM, Adiel Navarro <adiel.nava...@mail.telcel.com> wrote: > Its necessary to monitor /var/log/messages to catch the “illegal user” > message and the AR script begin to run? > > >
If you're running SSH on Windows, will there even be a /var/log/messages? We don't have support for SSH on Windows because no one added decoders and rules for it. You can do that. Or I can do that. Or anyone else can do that. But it has to be done if OSSEC is to support it out of the box. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.