A New Community Experience is Coming! For more information, please see our announcement
Check if IDM-Plugins are working
I configured an ossec-idm.plugin which should read the data that is delivered by the ossec-agent(s).
Now with the ossec-plugin enabled I see all the logon / logoff messages. But my IDM Source [email protected]
are not populated.So my questions are:
- How can I check if the idm information is coming to the system ?
- Which are the events which get populated with IDM information anyway ?
- Should I disable the "ossec"-plugin as it might be interfering with the "ossec-idm"-plugin ?
Help would be highly appreciated as I'm missing the required information to fix it by myself.