http://www.icmc.usp.br/~mcmonard/public/laptec2002.pdf
On Sun, Dec 9, 2018 at 7:20 PM Joe Shey <joeshe...@gmail.com> wrote: > Hello all, > > I'm playing around with OSSEC trying to figure it out. I have a windows > 2008 server with OSSEC agent installed and a linux server collecting logs. > I enabled the logall option to dump the logs. My understanding is when I > have that enabled all the logs collected from Applications, Security and > System in the Win Event viewer has to be there in OSSEC server. For the fun > of it I was going through Windows event viewer and OSSEC server log dumps > and saw some logs were missing in the OSSEC server dumps. As an example > logs with Event ID 900, 902, 1003, 1005 were not there in the ossec server > log file. Could this be possible? Server isn't under load. Am I missing > something? > > Any help and suggestions would be appreciated. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
