I have a problem where, after installing an OSSEC 2.2 instance on a Linux box, the WUI now shows me an entry for "web1 Windows registry." And, indeed, the queues/syscheck directory on the OSSEC server has an entry: "(web1) 10.242.54.10->syscheck-registry".
But web1 is a RHEL 5.3 system. Why would OSSEC have done this? What triggered it thinking there was supposed to be a Windows registry there? Nothing in the config has anything mentioning the registry. Is there some way to remove the erroneous "syscheck->registry" entry and make sure OSSEC doesn't recreate it?

-Alan