Hi Irshad, sorry, I thought was the same problem than Akash.
I would like to be able to retrieve logs from windows machine to my OSSIM Do you meand OSSEC, right?. Review the ossec.log of your agent. Maybe the location is wrong or there are no events. I hope it helps. Regards. On Thursday, June 1, 2017 at 6:51:14 AM UTC+2, Irshad Rahimbux wrote: > > ANy one can provide some help? @Jesus Linares... the link you provided is > not helping much. It's for another issue. > > On Wednesday, May 31, 2017 at 1:07:19 PM UTC+4, Jesus Linares wrote: >> >> https://groups.google.com/forum/#!topic/ossec-list/wcIE_EcDVxo >> >> On Tuesday, May 30, 2017 at 4:34:46 PM UTC+2, Akash Munjal wrote: >>> >>> >>> Hi All, >>> >>> I am also facing the same problem.I am not getting alert of >>> creation/deletion of file from windows agent >>> to my manager(linux). Agent show connected and active, I only get alert >>> from agent(win) is agent start/restart/change in ossec.conf(agent). >>> To monitor D:\ drive, I have done the following changes in ossec.conf on >>> manager: >>> >>> <directories report_changes="yes" realtime="yes" >>> check_all="yes">C:.,D:.</directories> >>> >>> But i don't get any alerts on my manager. >>> >>> Can you please help me out. >>> >>> Thanks >>> >>> >>> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
