[Ossec-list] Logs for the Windows version of the OSSEC HIDS agent
- Subject: [Ossec-list] Logs for the Windows version of the OSSEC HIDS agent
- From: daniel.cid at gmail.com (Daniel Cid)
- Date: Thu, 20 Apr 2006 17:31:54 -0300
We will soon release a Windows version of the OSSEC HIDS agent.
If you manage any Windows server, please keep reading this.
We are basically looking for messages from the event log to write rules
for them. If you also run IIS, Exchange, Active Directory or any other
Windows service, we would love to support those events too.
We developed a small program to extract events from the Windows event
log and write them to a file. If you can run this program and send your logs
to us, that would be great!
If you have logs from any other place (not in the event log - like IIS),
just send them to us too.
** We will NOT share your logs with anyone, nor post them online **
Step by step on how to do it:
1- Download the program: http://www.ossec.net/files/extract-win-el.exe
You can also download the source code or the md5 sum:
http://www.ossec.net/files/extract-win-el.c
http://www.ossec.net/files/extract-win-el-checksum.txt
2- Execute it:
The syntax is very easy. If you saved it at C:\, just do:
C:\extract-win-el -e
3- E-mail us the log.
By default, the messages will be saved at C:\ossec-extracted-evt.log.
Just get this file (and any other log file that you have) and mail it to
contact @ ossec.net. We really appreciate your help.
More information:
http://www.ossec.net/en/win-2006-04-20.html
Thanks,
--
Daniel B. Cid
dcid @ ( at ) ossec.net
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.