I have done all the configuration in ms-sccm.cfg [existing file in plugin
folder].
But I still don't see anything in alerts.log.
On Saturday, July 1, 2017 at 1:37:04 AM UTC+4, dan (ddpbsd) wrote:
>
> On Thu, Jun 29, 2017 at 1:00 AM, Irshad Rahimbux
> > wrote:
> > Dear Team,
>
Dear Team,
I would like to integrate Microsoft SCCM with OSSIM.
All configuration has been done in ms-sccm.cfg [which was already
available].
Logs are coming to /var/log/alienvault/agent.log but not
to /var/ossec/logs/alerts/alerts.log
Any idea why and what I am doing wrong?
Kindly advise.
Hello. This is a very old thread. But I am facing some similar issues.
Can you post the rules that you did for that to work?
Thanks.
On Friday, April 13, 2012 at 10:04:21 PM UTC+4, tomcelica wrote:
>
> Any ideas what my next step is? No alert logged even though rule
> tests and seems to work
The logs are being pushed to archives.log and not ossec.log
On Thursday, June 15, 2017 at 11:09:01 AM UTC+4, Irshad Rahimbux wrote:
>
>
> Hi,
>
> I have done the following changes in my configuration files as follows:
>
>
> <localfile>
>   <location>OAlerts</location>
>   <log_format>eventchannel</log_format>
> </localfile>
>
The logs are being pushed to archives.log and not ossec.log
On Thursday, June 15, 2017 at 11:06:58 AM UTC+4, Irshad Rahimbux wrote:
>
> Hi,
>
> I am using AlienVault OSSIM and would like to be able to read logs from
> windows besides application, security and system.
>
ere
> are no events.
>
> I hope it helps.
> Regards.
>
>
> On Thursday, June 1, 2017 at 6:51:14 AM UTC+2, Irshad Rahimbux wrote:
>>
>> Anyone can provide some help? @Jesus Linares... the link you provided is
>> not helping much. It's for another issue.
Hi,
I am using AlienVault OSSIM and would like to be able to read logs from
windows besides application, security and system.
I have done the following changes in my configuration files as follows:
<localfile>
  <location>OAlerts</location>
  <log_format>eventchannel</log_format>
</localfile>
Logs are being pushed to ossec.log on server as follows:
2017
Anyone can provide some help? @Jesus Linares... the link you provided is
not helping much. It's for another issue.
On Wednesday, May 31, 2017 at 1:07:19 PM UTC+4, Jesus Linares wrote:
>
> https://groups.google.com/forum/#!topic/ossec-list/wcIE_EcDVxo
>
> On Tuesday, May 30, 2017 at 4:34:46 PM UT
Dear All,
I would like to be able to retrieve logs from windows machine to my OSSIM.
I have done the following changes in ossec.conf on my client:
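<localfile>
  <location>OAlerts</location>
  <log_format>eventchannel</log_format>
</localfile>
<localfile>
  <location>Microsoft-Windows-WMI-Activity/Operational</location>
  <log_format>eventchannel</log_format>
</localfile>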
Started the client again. But nothing goes