[prev in list] [next in list] [prev in thread] [next in thread]
List: ossec-list
Subject: [ossec-list] Re: At some point, Windows events are not sent to the Wazuh server.
From: "e.fanti e.fanti" <efanti () gmail ! com>
Date: 2018-06-22 10:17:58
Message-ID: bfc2afde-3b25-41d3-9e49-2f34056a28a8 () googlegroups ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
I follwed this link:
https://www.manageengine.com/products/active-directory-audit/help/getting-started/domain-controllers-advanced-audit-policy.html
Modified in "Computer Configuration -> Windows Settings -> Security
Settings -> Advanced Audit Policy Configuration -> Audit Policies"
Executed "gpupdate /force" on all my domains controllers.
Now I have the logs in Ossec Server.
Thank You
Enrico
Il giorno mercoledì 20 giugno 2018 18:06:27 UTC+2, e.fanti e.fanti ha
scritto:
>
> Hello to all.
> Almost every day the following thing happens.
> I have 2 agents installed on two windows 2008 servers.
> The agent is connected to the Wazuh Manager, but windows events are not
> sent to the Wazuh server.
> The events are present on the Windows server.
>
>
> The restart of the windows agent does not send the events
>
>
> On the Wazuh server I have only the messages related to the restart of the
> agent on the windows server
>
> Thank you
>
> Enrico
>
--
---
You received this message because you are subscribed to the Google Groups \
"ossec-list" group. To unsubscribe from this group and stop receiving emails from it, \
send an email to ossec-list+unsubscribe@googlegroups.com. For more options, visit \
https://groups.google.com/d/optout.
[Attachment #5 (text/html)]
<div dir="ltr"><div>I follwed this \
link:<br></div><div><br></div><div>https://www.manageengine.com/products/active-direct \
ory-audit/help/getting-started/domain-controllers-advanced-audit-policy.html</div><div><br></div><div>Modified \
in "Computer Configuration -> Windows Settings -> Security Settings -> \
Advanced Audit Policy Configuration -> Audit \
Policies"</div><div><br></div><div>Executed "gpupdate /force" on all \
my domains controllers.</div><div><br></div><div>Now I have the logs in Ossec \
Server.</div><div><br></div><div>Thank You</div><div>Enrico<br></div><br>Il giorno \
mercoledì 20 giugno 2018 18:06:27 UTC+2, e.fanti e.fanti ha scritto:<blockquote \
class="gmail_quote" style="margin: 0;margin-left: 0.8ex;border-left: 1px #ccc \
solid;padding-left: 1ex;"><div dir="ltr"><span lang="en"><span>Hello to \
all.</span><br><span>Almost every day the following thing happens.</span><br><span>I \
have 2 agents installed on two windows 2008 servers.</span><br><span>The agent is \
connected to the Wazuh Manager, but windows events are not sent to the Wazuh \
server.</span><br></span><div><span lang="en"><span>The events are present on the \
Windows server.</span></span></div><div><span \
lang="en"><span><br></span></span></div><div><br><span lang="en"><span><span \
lang="en"><span>The restart of the windows agent does not send the \
events</span></span></span></span></div><div><span lang="en"><span><span \
lang="en"><span><br></span></span></span></span></div><div><br><span \
lang="en"><span><span lang="en"><span><span lang="en"><span>On the Wazuh server I \
have only the messages related to the restart of the agent on the windows \
server</span></span></span></span></span></span></div><div><span \
lang="en"><span><span lang="en"><span><span \
lang="en"><span><br></span></span></span></span></span></span></div><div><span \
lang="en"><span><span lang="en"><span><span lang="en"><span>Thank \
you</span></span></span></span></span></span></div><div><span lang="en"><span><span \
lang="en"><span><span \
lang="en"><span><br></span></span></span></span></span></span></div><div><span \
lang="en"><span><span lang="en"><span><span \
lang="en"><span>Enrico</span></span></span></span></span></span></div></div></blockquote></div>
<p></p>
-- <br />
<br />
--- <br />
You received this message because you are subscribed to the Google Groups \
"ossec-list" group.<br /> To unsubscribe from this group and stop receiving \
emails from it, send an email to <a \
href="mailto:ossec-list+unsubscribe@googlegroups.com">ossec-list+unsubscribe@googlegroups.com</a>.<br \
/> For more options, visit <a \
href="https://groups.google.com/d/optout">https://groups.google.com/d/optout</a>.<br \
/>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic