Re: [ossec-list] Re: Logging of informational events on OSSIM
On Thu, Jun 15, 2017 at 3:14 AM, Irshad Rahimbux wrote:

> The logs are being pushed to archives.log and not ossec.log

Only ossec stuff should be in the ossec.log. Alerts go in alerts.log and log events go to archives.log (if the logall option is enabled).

> On Thursday, June 15, 2017 at 11:06:58 AM UTC+4, Irshad Rahimbux wrote:
>>
>> Hi,
>>
>> I am using AlienVault OSSIM and would like to be able to read logs from windows besides application, security and system.
>>
>> I have done the following changes in my configuration files as follows:
>>
>> OAlerts
>> eventchannel
>>
>> Logs are being pushed to ossec.log on server as follows:
>> 2017 Jun 15 09:23:19 (Host-172-27-5-231) 172.27.5.231->WinEvtLog 2017 Jun 14 11:55:22 WinEvtLog: OAlerts: INFORMATION(300): Microsoft Office 16 Alerts: (no user): no domain: IT-IR.Emtel.Org: Microsoft Outlook Everything in the "Junk E-mail" folder will be permanently deleted. Continue? P1: 300894 P2: 16.0.4534.1001 P3: aldbzP4:
>> 2017 Jun 15 09:23:19 (Host-172-27-5-231) 172.27.5.231->WinEvtLog 2017 Jun 14 16:59:33 WinEvtLog: OAlerts: INFORMATION(300): Microsoft Office 16 Alerts: (no user): no domain: IT-IR.Emtel.Org: Microsoft Outlook Everything in the "Junk E-mail" folder will be permanently deleted. Continue? P1: 300894 P2: 16.0.4534.1001 P3: aldbzP4:
>>
>> But these are not being logged on the GUI.
>>
>> I have read on the net that these are informational events and not being logged. How to enable those?

You probably need to create rules for the log messages. I don't think OSSIM takes anything from OSSEC that is not an alert.

>> Grateful to help and provide me the steps in doing so.
>> Thanks,
>> IR

--
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
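A local rule that promotes these informational OAlerts events to an alert, so they reach alerts.log (and therefore OSSIM) instead of only archives.log. This is an added example, not from the thread or the OSSEC project; it assumes the stock rule id 18101 (the level-0 "Windows informational event" rule in msauth_rules.xml) and the default local_rules.xml path, so check both against your install.

```xml
<!-- /var/ossec/rules/local_rules.xml (assumed default path; add to, do not
     replace, the file that is already there). -->
<group name="local,windows,office,">

  <!-- 18101 is the stock "Windows informational event" rule. It fires at
       level 0, which is why the OAlerts events land in archives.log (when
       logall is on) but never in alerts.log. Chaining a child rule off it
       that matches the WinEvtLog source string and raises the level turns
       them into real alerts. Ids 100000 and up are reserved for local rules. -->
  <rule id="100100" level="3">
    <if_sid>18101</if_sid>
    <!-- match works on the raw log text, which still carries the
         "OAlerts: INFORMATION(300):" header seen in the archived lines -->
    <match>OAlerts: INFORMATION</match>
    <description>Microsoft Office alert (OAlerts event channel).</description>
  </rule>

</group>
```

Paste one of the archived lines (without the leading archive header up to the agent IP and location) into /var/ossec/bin/ossec-logtest to confirm rule 100100 fires before restarting the server.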
[ossec-list] Re: Logging of informational events on OSSIM
Hello Irshad,

I think I have replied to this on the other thread, haven't I? https://groups.google.com/forum/#!topic/ossec-list/mDueDPTDFTw

Best regards,

On Thursday, June 15, 2017 at 9:14:32 AM UTC+2, Irshad Rahimbux wrote:
>
> The logs are being pushed to archives.log and not ossec.log
>
> On Thursday, June 15, 2017 at 11:06:58 AM UTC+4, Irshad Rahimbux wrote:
>>
>> Hi,
>>
>> I am using AlienVault OSSIM and would like to be able to read logs from windows besides application, security and system.
>>
>> I have done the following changes in my configuration files as follows:
>>
>> OAlerts
>> eventchannel
>>
>> Logs are being pushed to ossec.log on server as follows:
>> 2017 Jun 15 09:23:19 (Host-172-27-5-231) 172.27.5.231->WinEvtLog 2017 Jun 14 11:55:22 WinEvtLog: OAlerts: INFORMATION(300): Microsoft Office 16 Alerts: (no user): no domain: IT-IR.Emtel.Org: Microsoft Outlook Everything in the "Junk E-mail" folder will be permanently deleted. Continue? P1: 300894 P2: 16.0.4534.1001 P3: aldbzP4:
>> 2017 Jun 15 09:23:19 (Host-172-27-5-231) 172.27.5.231->WinEvtLog 2017 Jun 14 16:59:33 WinEvtLog: OAlerts: INFORMATION(300): Microsoft Office 16 Alerts: (no user): no domain: IT-IR.Emtel.Org: Microsoft Outlook Everything in the "Junk E-mail" folder will be permanently deleted. Continue? P1: 300894 P2: 16.0.4534.1001 P3: aldbzP4:
>>
>> But these are not being logged on the GUI.
>>
>> I have read on the net that these are informational events and not being logged. How to enable those?
>>
>> Grateful to help and provide me the steps in doing so.
>> Thanks,
>> IR
[ossec-list] Re: Logging of informational events on OSSIM
The logs are being pushed to archives.log and not ossec.log

On Thursday, June 15, 2017 at 11:06:58 AM UTC+4, Irshad Rahimbux wrote:
>
> Hi,
>
> I am using AlienVault OSSIM and would like to be able to read logs from windows besides application, security and system.
>
> I have done the following changes in my configuration files as follows:
>
> OAlerts
> eventchannel
>
> Logs are being pushed to ossec.log on server as follows:
> 2017 Jun 15 09:23:19 (Host-172-27-5-231) 172.27.5.231->WinEvtLog 2017 Jun 14 11:55:22 WinEvtLog: OAlerts: INFORMATION(300): Microsoft Office 16 Alerts: (no user): no domain: IT-IR.Emtel.Org: Microsoft Outlook Everything in the "Junk E-mail" folder will be permanently deleted. Continue? P1: 300894 P2: 16.0.4534.1001 P3: aldbzP4:
> 2017 Jun 15 09:23:19 (Host-172-27-5-231) 172.27.5.231->WinEvtLog 2017 Jun 14 16:59:33 WinEvtLog: OAlerts: INFORMATION(300): Microsoft Office 16 Alerts: (no user): no domain: IT-IR.Emtel.Org: Microsoft Outlook Everything in the "Junk E-mail" folder will be permanently deleted. Continue? P1: 300894 P2: 16.0.4534.1001 P3: aldbzP4:
>
> But these are not being logged on the GUI.
>
> I have read on the net that these are informational events and not being logged. How to enable those?
>
> Grateful to help and provide me the steps in doing so.
> Thanks,
> IR