Hello,
I first installed the snort SQL table, then the BASE SQL, then ossec2base.sql. In the BASE GUI, alerts are shown as 0.0.0.0 for source and destination IP addresses. Timestamp is 0000000 too.
Here is the alert detail:
---------------------------------
** Alert 1157380688.130944: nomail
2006 Sep 04 17:38:08 localhost -> (SERVER1) 10.100.X.X->WinEvtLog
Rule: 18107 (level 3) -> 'Windows Logon Success.'
Src IP: (0.0.0.0 )
User: Xuser
WinEvtLog: Security: AUDIT_SUCCESS(540): Security: Y: X:
HIS1: Successful Network Logon: User Name: Y
Domain: X Logon ID: (0x0,0x26C63F33) Logon Type: 3
Logon Process: Kerberos Authentication Package: Kerberos
Workstation Name: Logon
GUID: {a1f68460-18ab-6bcc-73fb-a0b508253e95} Caller User Name: -
Caller Domain: - Caller Logon ID: - Caller Process ID: -
Transited Services: - Source Network Address: 10.100.X.X
Source Port: 2065
BASE ALERT VIEW
------------------------
ID # Time Triggered Signature
6 - 1 0000-00-00 00:00:00 [local] [snort] 'Windows Logon Success.'
BASE ALERT VIEW
-------------------------
ID < Signature > < Timestamp > < Source Address > < Dest. Address > < Layer 4 Proto >
#0-(6-1) [local] [snort] 'Windows Logon Success.' 0000-00-00 00:00:00 0.0.0.0 0.0.0.0 IP