On Fri, Feb 3, 2012 at 8:04 AM, alsdks <[email protected]> wrote:
> Hello list,
>
> Windows Ossec agent, default ossec.conf configuration, spits out a
> lot of errors. I believe others have noticed it as well but I could
> not find a relative post. I was wondering if someone knew what they
> mean and how can they be resolved.
>
> For example:
>
> ossec-agent: WARN: Error opening directory: 'C:\WINDOWS/System32/telnet.exe': No such file or directory
>

I see stuff like that all the time, haven't noticed it causing a problem yet.

> This error pops every time the syscheck is run, though the file
> exists and is there. Also Windows is agnostic of the direction of the
> slashes, so there must not be a problem there. If you put the above
> bun in Windows run or in a cmd prompt and hit enter, you are
> presented with a telnet prompt.
>
>
> Another group of mysterious errors that I do not know what effect they
> have to the monitoring ability of OSSEC are the following:
>
> 2012/01/19 15:02:43 ossec-agent(1107): ERROR: Unable to create directory: '/var/ossec/queue/diff/local/:\WINDOWS'
>

That's really strange. It seems like something may be amiss in your config. Is the report_changes option set anywhere?

> 2012/01/19 15:02:43 ossec-agent(1124): ERROR: Unable to rename file: 'C:\WINDOWS/System32/drivers/etc/hosts'.
>

I'd have to search the src for the above 2 errors to get any understanding of the context.

>
> What do they mean? The first error (1107) refers to Ossec server
> path?
>
>
> Anyone else noticed this behavior?
>
> I am trying to troubleshoot Ossec's Windows monitoring unstable
> behavior and am wondering if the above errors are responsible.
>
> Thank you

What do you mean by "unstable behavior?"
