Does OSSEC require privs for the Windows client agent that are different than the default for 'local system' on a Windows 2000 server?
I have two Windows 2003 servers that have worked fine. A Windows 2000 server gives me this error: ERROR: Unable to create active response process. I changed the OSSEC agent to run as local admin, and now it works and the brute force ftp attacks trigger the route-null.cmd. I'm running OSSEC 2.3 (as of tonight), but had the same problem with 2.1. Greg
