As you can see below the Src IP: field is not parsing correctly? Can
someone point me in the right direction to fix. Thanks---
2011 Jun 10 13:21:28 Rule Id: 581 level: 8
Location: ossec-server->/var/log/nmap-out.log
Src IP: 2.168.1.126 (), open ports:
Host information added.
** Alert 1307726488.9
What do you use to monitor the data? It happens on the realtime page
and the initial index page. I am not familiar enough with the wui,
just started playing with it two days ago.
Thanks,
Dan
@0xjudd
On Jun 10, 2:03 pm, "dan (ddp)" wrote:
> Hi 2secureit,
>
> On Fri, Jun
510
^Application Found
alert_by_email
Windows application monitor event.
rootcheck,
This is in my local rules and has not sent an email, however if I look
at rootcheck there is data/matches in there. \
Also in the msauth rules when an application is installed or
uninstal
Does this feature work with the Windows agent deployment in 2.6? If so
how do you set this up as I do not see agent-auth in the Windows 2.6
install?
Thanks,
Dan
