Audit log kerberos not showing in archives log and alert
101 views
Skip to first unread message
riiky devils
Sep 10, 2021, 3:24:53 AM9/10/21
to Wazuh mailing list
Hi Team,
I have issue is audit log from kerberos not showing in archives.log and wazuh alert
I have issue is audit log from kerberos not showing in archives.log and wazuh alert
But if i check in the AD event viewer there is a kerberos audit log
How can this happen?
Because i think kerberos log prematch with this rule for windows success logon that contain event id 4769 and exactly match to event viewer log
This is my ossec config that alert level set to level 3 so i think this is no issue about alert level
Thank You,
How can this happen?
Because i think kerberos log prematch with this rule for windows success logon that contain event id 4769 and exactly match to event viewer log
This is my ossec config that alert level set to level 3 so i think this is no issue about alert level
Thank You,
Juan Nicolás Asselle
Sep 12, 2021, 6:06:35 PM9/12/21
to Wazuh mailing list
Hi riiky0503,
Your setup seems fine at first glance, but the following requested information can be really helpful in determining what’s going on:
- Wazuh version (both manager and agent if they differ)
- Windows version
- Agent localfile configuration blocks related to EventChannel
Thank you and I’ll wait this information to move forward.
Regards,
Nico
riiky devils
Sep 15, 2021, 12:16:45 AM9/15/21
to Wazuh mailing list
Hi Nico,
Sorry for late response. The issue already solved after i'm upgrade wazuh manager and client to 4.2.1 version and kerberos log showing in alerts
Thank You so much
Best Regards,
Sorry for late response. The issue already solved after i'm upgrade wazuh manager and client to 4.2.1 version and kerberos log showing in alerts
Thank You so much
Best Regards,
Reply all
Reply to author
Forward
0 new messages