Alan Sparks wrote: > I have a problem where, after installing an OSSEC 2.2 instance on a > Linux box, the WUI now shows me an entry for "web1 Windows registry." > And, indeed, the queues/syscheck directory on the OSSEC server has an > entry: "(web1) 10.242.54.10->syscheck-registry". > > But web1 is a RHEL 5.3 system. > > Why would OSSEC have done this? What triggered it thinking there was > supposed to be a Windows registry there? Nothing in the config has > anything mentioning the registry. Is there some way to remove the > erroneous "syscheck->registry" entry and make sure OSSEC doesn't > recreate it? > > -Alan > >
Any ideas about this? Suddenly in my UI I have almost all my Linux hosts showing with a "Windows registry" entry. What part of the client or server makes the decision to create this, and guess wrong? -Alan
