[ossec-list] OSSEC MSSQL audit log

2016-01-27 Thread Fayax
I have enabled audit on MS SQL Server 2014, logs are sent to Windows 
Application log.
I can see the audit logs from Event Viewer, but I'm unable to see the logs 
on OSSEC server.
OSSEC agent is configured to monitor Windows Application logs.

Any help would be greatly appreciated.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[ossec-list] OSSEC MSSQL Audit log

2016-01-27 Thread Fayax
I have enabled audit on MSSQL Server 2014 and audit logs are sent to 
Windows Application Log.
I can see the audit logs from event viewer. But I'm unable to see the audit 
logs from OSSEC server.
OSSEC agent is configured to analyze Application event log.

Any help would be greatly appreciated.




Re: [ossec-list] OSSEC MSSQL audit log

2016-01-27 Thread dan (ddp)
On Jan 27, 2016 10:06 AM, "Fayax" wrote:
>
> I have enabled audit on MS SQL Server 2014, logs are sent to Windows
> Application log.
> I can see the audit logs from Event Viewer, but I'm unable to see the
> logs on OSSEC server.
> OSSEC agent is configured to monitor Windows Application logs.
>
> Any help would be greatly appreciated.
>

Turn on the logall option on the ossec server, and check to see if those
logs are present in the archives.log file.



Re: [ossec-list] OSSEC MSSQL Audit log

2016-01-27 Thread Santiago Bassett
If you have not done it already, try enabling the "logall" option in the ossec
manager configuration file (global section). Then check your
/var/ossec/logs/archives/archives.log and see if those are getting there.

If that is the case, then the agent is forwarding the logs but they are just
not triggering alerts. If events don't get there, there might be some
configuration issue on the agent side (you could try enabling debug for the
agent in internal_options.conf).

Best


On Wed, Jan 27, 2016 at 5:04 AM, Fayax wrote:

> I have enabled audit on MSSQL Server 2014 and audit logs are sent to
> Windows Application Log.
> I can see the audit logs from event viewer. But I'm unable to see the
> audit logs from OSSEC server.
> OSSEC agent is configured to analyze Application event log.
>
> Any help would be greatly appreciated.
>
>
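
The triage suggested in the two replies above, written out as a script to run on the OSSEC manager. This is an added example, not part of the original thread and not code from the OSSEC project. It assumes the default paths /var/ossec/etc/ossec.conf and /var/ossec/logs/alerts/alerts.log, and uses the default SQL Server instance event source name MSSQLSERVER as the search string; the function name and the sample log line are constructed for illustration.

```shell
#!/bin/sh
# Triage for "events visible in Event Viewer but not on the OSSEC manager".
# Usage: triage_eventlog OSSEC_CONF ARCHIVES_LOG ALERTS_LOG PATTERN
# On a default install (assumed paths):
#   triage_eventlog /var/ossec/etc/ossec.conf \
#       /var/ossec/logs/archives/archives.log \
#       /var/ossec/logs/alerts/alerts.log MSSQLSERVER
# Prints: logall_disabled | not_received | received_no_alert | alerting
triage_eventlog() {
    conf=$1 archives=$2 alerts=$3 pattern=$4

    # 1. archives.log is only populated when <logall>yes</logall> is set in
    #    the <global> section of the manager configuration.
    if ! grep -Eq '<logall>[[:space:]]*yes[[:space:]]*</logall>' "$conf"; then
        echo logall_disabled; return 0
    fi
    # 2. Nothing in archives.log: the agent is not forwarding the events,
    #    so the problem is on the agent side (localfile config, agent debug).
    if ! grep -Fq -- "$pattern" "$archives" 2>/dev/null; then
        echo not_received; return 0
    fi
    # 3. Archived but absent from alerts.log: the events arrive, but no rule
    #    raises an alert for them.
    if ! grep -Fq -- "$pattern" "$alerts" 2>/dev/null; then
        echo received_no_alert; return 0
    fi
    echo alerting
}

# Demo on constructed files: logall on, one constructed archive line, no alerts.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '<ossec_config>' '  <global>' \
        '    <logall>yes</logall>' '  </global>' '</ossec_config>' \
        > "$d/ossec.conf"
    # Constructed sample line in the WinEvtLog layout; not real data.
    printf '%s\n' '2016 Jan 27 10:06:02 (sqlhost) 192.0.2.10->WinEvtLog 2016 Jan 27 10:06:01 WinEvtLog: Application: AUDIT_SUCCESS(33205): MSSQLSERVER: (no user): no domain: SQLHOST: Audit event: constructed sample' \
        > "$d/archives.log"
    : > "$d/alerts.log"
    triage_eventlog "$d/ossec.conf" "$d/archives.log" "$d/alerts.log" MSSQLSERVER
    rm -rf "$d"
}
demo
```

A verdict of received_no_alert matches the case described in the second reply: the agent forwards the events and the remaining work is in the rules. The manager must be restarted after changing logall before the first check is meaningful.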