Hello,
I am in the process of testing out OSSEC with a couple Windows XP machine and been showing an error message in the log that I am not familiar with. Anyone out there recognize the error message described below. Note this message occurs just with the basic Windows agent installation there hasn't been any tweaks to the configuration file. 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'Application'. 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'Security'. 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'System'. 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'Application'. 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'Security'. 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'System'. 2010/09/23 09:50:24 ossec-agent: INFO: Started (pid: 9712). 2010/09/23 09:50:53 ossec-agent: INFO: Starting syscheck database (pre-scan). * 2010/09/23 09:50:53 ossec-agent: ERROR: Unable to set directory for monitoring: C:\boot.ini * 2010/09/23 09:50:57 ossec-agent: INFO: Finished creating syscheck database (pre-scan completed). 2010/09/23 09:52:57 ossec-agent: INFO: Starting syscheck scan (forwarding database). 2010/09/23 09:53:11 ossec-agent: INFO: Ending syscheck scan (forwarding database). 2010/09/23 09:53:31 ossec-agent: INFO: Starting real time file monitoring. 2010/09/23 09:53:31 ossec-agent: INFO: Starting rootcheck scan. 2010/09/23 09:53:38 ossec-agent: INFO: Ending rootcheck scan. Thanks, Andrew a
