When running agent_control from our linux OSSEC server to a specific windows agent, the agent fails to run the active response. Viewing the agent in ProcessExplorer, I see the following call to cmd.exe:
C:\Windows\system32\cmd.exe /c ""active-response/bin/block-ip.cmd" add "-" " 192.168.0.101" "(from_the_server) (no_rule_id)"" The c/ parameter is malformed and missing path to the OSSEC install. I have tried adding an OSSECPATH variable to the environment and the OSSEC install location to the windows' path but without success. Does anyone know why this path isn't fully qualified or how to resolve? Thanks -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
