I was able to restart the OSSEC agent on a Windows host a few minutes ago. On the OSSEC server, in the ossec.conf I added:

  <command>
    <name>win-null-route</name>
    <executable>route-null.cmd</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <command>
    <name>win-restart-ossec</name>
    <executable>restart-ossec.cmd</executable>
    <expect></expect>
  </command>

  <active-response>
    <command>win-null-route</command>
    <location>defined-agent</location>
    <agent_id>012</agent_id>
    <level>15</level>
    <timeout>60</timeout>
  </active-response>

I haven't looked at the route-null.cmd script to see what it does yet, so I don't know how to check if that worked or not. But I saw no errors in the ossec.log on the Windows agent (no tail -f made this less than fun).
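
Added example, not part of the original post or of OSSEC itself: a small Python check that cross-references the `<command>` and `<active-response>` blocks of an ossec.conf before the manager is restarted. The function names are hypothetical, the sample is the post's configuration wrapped in an assumed `<ossec_config>` root, and the file is assumed to parse as well-formed XML.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the blocks from the post, wrapped in <ossec_config>
# as they would appear in ossec.conf (the wrapper is an assumption).
SAMPLE_CONF = """<ossec_config>
  <command><name>win-null-route</name><executable>route-null.cmd</executable>
    <expect>srcip</expect><timeout_allowed>yes</timeout_allowed></command>
  <command><name>win-restart-ossec</name><executable>restart-ossec.cmd</executable>
    <expect></expect></command>
  <active-response><command>win-null-route</command>
    <location>defined-agent</location><agent_id>012</agent_id>
    <level>15</level><timeout>60</timeout></active-response>
</ossec_config>"""

def text(node, tag):
    """Return the stripped text of a child element, or '' if absent or empty."""
    return (node.findtext(tag) or "").strip()

def lint_active_response(conf_xml):
    """Return a list of consistency findings for the active-response setup."""
    # ossec.conf may hold several <ossec_config> roots, so wrap them in one.
    root = ET.fromstring("<wrapper>" + conf_xml + "</wrapper>")
    # Only top-level <command> definitions; <active-response><command> and
    # <localfile><command> reuse the tag name with a different meaning.
    commands = {text(c, "name"): c for c in root.findall("./ossec_config/command")}
    findings, bound = [], set()
    for ar in root.findall("./ossec_config/active-response"):
        name = text(ar, "command")
        bound.add(name)
        cmd = commands.get(name)
        if cmd is None:
            findings.append(f"active-response references undefined command '{name}'")
            continue
        if text(ar, "timeout") and text(cmd, "timeout_allowed") != "yes":
            findings.append(f"'{name}': <timeout> set but command lacks <timeout_allowed>yes")
        if text(ar, "location") == "defined-agent" and not text(ar, "agent_id"):
            findings.append(f"'{name}': location defined-agent needs <agent_id>")
    # Informational: definitions that no active-response block refers to.
    for name in sorted(set(commands) - bound):
        findings.append(f"command '{name}' is defined but no active-response uses it")
    return findings

if __name__ == "__main__":
    for finding in lint_active_response(SAMPLE_CONF):
        print(finding)
```
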