I found the problem: there was an extra directive attached to the boot.ini 
syscheck line, realtime="yes".

 

From: [email protected] [mailto:[email protected]] On Behalf Of Aamir Niazi
Sent: Thursday, September 23, 2010 12:40 PM
To: [email protected]
Subject: Re: [ossec-list] Windows Agent Error/Info Message

 

What is the exact syntax of your boot.ini line under syscheck on your agent 
where you are monitoring this?

On Thu, Sep 23, 2010 at 1:01 PM, Andrew Smith <[email protected]> wrote:

Hello,

 

I am in the process of testing out OSSEC with a couple of Windows XP machines, and 
it has been showing an error message in the log that I am not familiar with. Does anyone 
out there recognize the error message described below? Note that this message 
occurs with just the basic Windows agent installation; there haven't been any 
tweaks to the configuration file.

 

 

2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'Application'.

2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'Security'.

2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'System'.

2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'Application'.

2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'Security'.

2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'System'.

2010/09/23 09:50:24 ossec-agent: INFO: Started (pid: 9712).

2010/09/23 09:50:53 ossec-agent: INFO: Starting syscheck database (pre-scan).

2010/09/23 09:50:53 ossec-agent: ERROR: Unable to set directory for monitoring: C:\boot.ini

2010/09/23 09:50:57 ossec-agent: INFO: Finished creating syscheck database (pre-scan completed).

2010/09/23 09:52:57 ossec-agent: INFO: Starting syscheck scan (forwarding database).

2010/09/23 09:53:11 ossec-agent: INFO: Ending syscheck scan (forwarding database).

2010/09/23 09:53:31 ossec-agent: INFO: Starting real time file monitoring.

2010/09/23 09:53:31 ossec-agent: INFO: Starting rootcheck scan.

2010/09/23 09:53:38 ossec-agent: INFO: Ending rootcheck scan.

Thanks,

 

Andrew





-- 
Best Regards,

Aamir Niazi
Senior Security Analyst
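
The cause identified at the top of the thread, as an added example that is not from the thread or from the OSSEC project: a Python check that flags syscheck directories entries carrying realtime="yes" whose path is not a directory, since OSSEC documents the realtime option as working on directories, not individual files. The sample configuration, the function name and the stand-in directory set are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample configuration, not the poster's actual ossec.conf.
SAMPLE_CONF = r"""
<ossec_config>
  <syscheck>
    <frequency>7200</frequency>
    <directories check_all="yes" realtime="yes">C:\boot.ini</directories>
    <directories check_all="yes" realtime="yes">C:\WINDOWS\system32\drivers\etc</directories>
    <directories check_all="yes">C:\autoexec.bat, C:\config.sys</directories>
  </syscheck>
</ossec_config>
"""


def realtime_non_directories(conf_text, is_dir=os.path.isdir):
    """Return paths that carry realtime="yes" but are not directories."""
    # A config file may hold more than one <ossec_config> block, so wrap the
    # text in a single synthetic root before parsing.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    flagged = []
    for entry in root.iter("directories"):
        if (entry.get("realtime") or "").strip().lower() != "yes":
            continue
        # One <directories> element can list several comma-separated paths.
        for path in (entry.text or "").split(","):
            path = path.strip()
            if path and not is_dir(path):
                flagged.append(path)
    return flagged


if __name__ == "__main__":
    # Constructed stand-in for the filesystem so the sample runs anywhere;
    # on the agent itself, omit is_dir to fall back to os.path.isdir.
    known_dirs = {r"C:\WINDOWS\system32\drivers\etc"}
    for path in realtime_non_directories(SAMPLE_CONF, known_dirs.__contains__):
        print("realtime set on a non-directory:", path)
```

Paths containing environment variables such as %WINDIR% are passed to is_dir unexpanded, so expand them first when running against a real agent configuration.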
