What is the exact syntax of your boot.ini line under syscheck on your agent where you are monitoring this?

On Thu, Sep 23, 2010 at 1:01 PM, Andrew Smith <[email protected]> wrote:

> Hello,
>
> I am in the process of testing out OSSEC with a couple Windows XP machine
> and been showing an error message in the log that I am not familiar with.
> Anyone out there recognize the error message described below. Note this
> message occurs just with the basic Windows agent installation there hasn’t
> been any tweaks to the configuration file.
>
> 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'Application'.
> 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'Security'.
> 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'System'.
> 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'Application'.
> 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'Security'.
> 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'System'.
> 2010/09/23 09:50:24 ossec-agent: INFO: Started (pid: 9712).
> 2010/09/23 09:50:53 ossec-agent: INFO: Starting syscheck database (pre-scan).
> *2010/09/23 09:50:53 ossec-agent: ERROR: Unable to set directory for monitoring: C:\boot.ini*
> 2010/09/23 09:50:57 ossec-agent: INFO: Finished creating syscheck database (pre-scan completed).
> 2010/09/23 09:52:57 ossec-agent: INFO: Starting syscheck scan (forwarding database).
> 2010/09/23 09:53:11 ossec-agent: INFO: Ending syscheck scan (forwarding database).
> 2010/09/23 09:53:31 ossec-agent: INFO: Starting real time file monitoring.
> 2010/09/23 09:53:31 ossec-agent: INFO: Starting rootcheck scan.
> 2010/09/23 09:53:38 ossec-agent: INFO: Ending rootcheck scan.
>
> Thanks,
>
> Andrew

--
Best Regards,
Aamir Niazi
Senior Security Analyst
