diff --git a/pandora_agents/pc/Win32/pandora_agent.conf b/pandora_agents/pc/Win32/pandora_agent.conf
index eb891d5866..b064eba730 100644
--- a/pandora_agents/pc/Win32/pandora_agent.conf
+++ b/pandora_agents/pc/Win32/pandora_agent.conf
@@ -147,22 +147,23 @@ module_max_critical 20
 module_end
 
 # Log events
+
+# Get logs from System source.
 module_begin
 module_name System Events (TermService)
-module_type async_string
-module_logevent
 module_description Log Events coming from Terminal Service
+module_type log
+module_logevent
 module_source System
-module_application TermService
 module_end
 
+# Get logs from Security source.
 module_begin
-module_name Security Events (Invalid Login)
-module_type async_string
-module_description Security log events for invalid login attempt
+module_name Security Events
+module_description Security log events
+module_type log
 module_logevent
 module_source Security
-module_eventcode 529
 module_end
 
 # Check if Dhcp service is enabled
diff --git a/pandora_agents/win32/bin/pandora_agent.conf b/pandora_agents/win32/bin/pandora_agent.conf
index bae2841fd5..c0a1560b38 100644
--- a/pandora_agents/win32/bin/pandora_agent.conf
+++ b/pandora_agents/win32/bin/pandora_agent.conf
@@ -179,6 +179,22 @@ module_description Total number of TCP connections active
 module_group Networking
 module_end
 
+# Get logs from System source.
+module_begin
+module_name Eventlog_System
+module_type log
+module_logevent
+module_source System
+module_end
+
+# Get logs from Security source.
+module_begin
+module_name Eventlog_Security
+module_type log
+module_logevent
+module_source Security
+module_end
+
 # Example plugin to retrieve drive usage
 module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df_percent_used.vbs"
 
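Review bot: `module_name System Events (TermService)` and the description "Log Events coming from Terminal Service" are kept although `module_application TermService` is removed, so the module now reports every System event under a label that claims a narrower scope; either keep the filter or rename it, e.g. `module_name Eventlog_System` as the win32 agent config in this commit does. The Security module also loses `module_eventcode 529`, which removes the only dedicated invalid-login signal visible in this hunk and replaces it with the whole Security log. If failed-logon alerting is still wanted, keep a filtered module next to the new one, and note that 529 is the pre-Vista event ID (later Windows versions record failed logons as 4625), so the old filter probably needed updating in any case.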
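Review bot: The two modules are now active by default, but their comments drop the "Need enterprise version" caveat that the commented-out originals carried (removed further down in this file), while the Application-source block keeps it. If `module_type log` still depends on that, say so in the comment, e.g. `# Get logs from Security source. Need enterprise version.`, otherwise the default config ships modules some installs cannot use. Neither module sets a filter such as `module_eventcode` or `module_application`, so every agent using this default forwards the full System and Security logs. A short comment noting the expected volume, and that the Security log carries account names, would help operators decide whether to narrow it.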
@@ -273,22 +289,6 @@ module_plugin "%PROGRAMFILES%\Pandora_Agent\util\autodiscover.exe" --default
 #module_type generic_data_string
 #module_end
 
-# Get logs from System source. Need enterprise version.
-#module_begin
-#module_name Eventlog_System
-#module_type log
-#module_logevent
-#module_source System
-#module_end
-
-# Get logs from Security source. Need enterprise version.
-#module_begin
-#module_name Eventlog_Security
-#module_type log
-#module_logevent
-#module_source Security
-#module_end
-
 # Get logs from Application source. Need enterprise version.
 #module_begin
 #module_name Eventlog_Application