Can you send in your config?
On 11/02/2008, Chuck Braden <[EMAIL PROTECTED]> wrote:
>
>
> Every time I try to send something to the Google list I get NOTHING in
> response. I am now sending this directly via e-mail.
>
> >>> <[EMAIL PROTECTED]> 02/09/08 4:19 PM >>>
> I get unable to start the agent on a Windows system - error is check
> config. I have made sure the key matches the server. And I have
> checked the config (the IP is correct).
>
> I look under services and I don't see the OSSEC-HIDs service listed.
> Can you tell me what to try next?
>
> thanks
>
> Event log data
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Object Access
> Event ID: 560
> Date: 2/7/2008
> Time: 3:16:59 PM
>
> Description:
> Object Open:
> Object Server: SC Manager
> Object Type: SC_MANAGER OBJECT
> Object Name: ServicesActive
> Handle ID: -
> Operation ID: {0,240155849}
> Process ID: 1248
> Image File Name: C:\WINDOWS\system32\services.exe
> Primary User Name:
> Primary Domain: OFFICE
> Primary Logon ID: (0x0,0x3E7)
> Client User Name:
> Client Domain:
> Client Logon ID: (0x0,0xBB41E05)
> Accesses: DELETE
> READ_CONTROL
> WRITE_DAC
> WRITE_OWNER
> Connect to service controller
> Create a new service
> Enumerate services
> Lock service database for exclusive access
> Query service database lock state
> Set last-known-good state of service database
>
> Privileges: -
> Restricted Sid Count: 0
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
>
--
Andrew Hay
blog: http://www.andrewhay.ca
email: andrewsmhay || at || gmail.com
LinkedIn Profile: http://www.linkedin.com/in/andrewhay
OSSEC Book: http://preview.tinyurl.com/2oy63f