Hi! Mi name is Richard.
I have a problem on the Ossec Agent. I want to scan USB devices in Windows
10 and i enable the following register on the event viewer:
Microsoft-Windows-DriverFrameworks-UserMode/Operational
Seeing the ossec documentation, in the configuration file i have to add the
following section of localfile to obtain the events:
<localfile>
*<location>*Microsoft-Windows-DriverFrameworks-UserMode/Operationa*l*
*</location>*
<log_format>eventchannel</log_format>
</localfile>
This configuration not work. If you have an idea that can help me...
Tnx!
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
