:) great, that's what I thought initially as well, a syntax error perhaps.... Happy OSSECING.

On Thu, Sep 23, 2010 at 2:52 PM, Andrew Smith <[email protected]> wrote:

> I found the problem; there was an extra directive attached to the boot.ini
> syscheck line realtime="yes".
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Aamir Niazi
> *Sent:* Thursday, September 23, 2010 12:40 PM
> *To:* [email protected]
> *Subject:* Re: [ossec-list] Windows Agent Error/Info Message
>
> what is the exact syntax of your boot.ini line under syscheck on your agent
> where you are monitoring this?
>
> On Thu, Sep 23, 2010 at 1:01 PM, Andrew Smith <[email protected]> wrote:
>
> > Hello,
> >
> > I am in the process of testing out OSSEC with a couple Windows XP machines
> > and it has been showing an error message in the log that I am not familiar
> > with. Anyone out there recognize the error message described below? Note
> > this message occurs just with the basic Windows agent installation; there
> > haven't been any tweaks to the configuration file.
> >
> > 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'Application'.
> > 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'Security'.
> > 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'System'.
> > 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'Application'.
> > 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'Security'.
> > 2010/09/23 09:50:24 ossec-agent(1951): INFO: Analyzing event log: 'System'.
> > 2010/09/23 09:50:24 ossec-agent: INFO: Started (pid: 9712).
> > 2010/09/23 09:50:53 ossec-agent: INFO: Starting syscheck database (pre-scan).
> > *2010/09/23 09:50:53 ossec-agent: ERROR: Unable to set directory for monitoring: C:\boot.ini*
> > 2010/09/23 09:50:57 ossec-agent: INFO: Finished creating syscheck database (pre-scan completed).
> > 2010/09/23 09:52:57 ossec-agent: INFO: Starting syscheck scan (forwarding database).
> > 2010/09/23 09:53:11 ossec-agent: INFO: Ending syscheck scan (forwarding database).
> > 2010/09/23 09:53:31 ossec-agent: INFO: Starting real time file monitoring.
> > 2010/09/23 09:53:31 ossec-agent: INFO: Starting rootcheck scan.
> > 2010/09/23 09:53:38 ossec-agent: INFO: Ending rootcheck scan.
> >
> > Thanks,
> >
> > Andrew
>
> --
> Best Regards,
>
> Aamir Niazi
> Senior Security Analyst

--
Best Regards,
Aamir Niazi
Senior Security Analyst
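
The cause found in this thread (a realtime="yes" attribute on the C:\boot.ini syscheck entry) can be checked for before an agent is restarted. The following is an added example, not part of the original messages and not OSSEC's own code: it flags `<directories>` entries that combine `realtime="yes"` with a path that looks like a single file. The sample configuration is constructed, and the function names and the file-extension heuristic `looks_like_file` are assumptions made so the check runs offline.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed sample configuration, modelled on the entry described in the thread.
SAMPLE_CONF = r"""
<ossec_config>
  <syscheck>
    <frequency>72000</frequency>
    <directories check_all="yes" realtime="yes">C:\boot.ini</directories>
    <directories check_all="yes">%WINDIR%/win.ini,%WINDIR%/system.ini</directories>
    <directories check_all="yes" realtime="yes">%WINDIR%/system32/drivers/etc</directories>
  </syscheck>
</ossec_config>
"""

def looks_like_file(path):
    """Heuristic (assumption): the last path component carries an extension."""
    name = ntpath.basename(path.rstrip("/\\"))
    return "." in name.strip(".")

def realtime_file_entries(conf_text, is_file=looks_like_file):
    """Return paths from <directories realtime="yes"> entries that are files."""
    # A synthetic wrapper element tolerates several top-level config blocks.
    root = ET.fromstring(f"<root>{conf_text}</root>")
    flagged = []
    for entry in root.iter("directories"):
        if entry.get("realtime", "no").strip().lower() != "yes":
            continue
        # One element may list several comma-separated paths.
        for path in (entry.text or "").split(","):
            path = path.strip()
            if path and is_file(path):
                flagged.append(path)
    return flagged

if __name__ == "__main__":
    for path in realtime_file_entries(SAMPLE_CONF):
        print(f"realtime set on a file entry: {path}")
```

On the agent itself, a real filesystem test such as `os.path.isfile` (after expanding environment variables) can be passed as `is_file` in place of the heuristic.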
