Hi Dan, >That's really strange. It seems like something may be amiss in your >config. Is the report_changes option set anywhere?
Well I tried to play with it but it didn't work so I changed it back. I also cleared the database for that agent on OSSEC server. >What do you mean by "unstable behavior?" I mean getting an alert for an event some times but not always .There is not autoignore option enabled.It should alert each time. Thank you On Feb 6, 1:56 pm, "dan (ddp)" <[email protected]> wrote: > On Fri, Feb 3, 2012 at 8:04 AM, alsdks <[email protected]> wrote: > > Hello list, > > > Windows Ossec agent , default ossec.conf configuration, spits out a > > lot of errors I believe others have noticed it as well but I could > > not find a relative post .I was wondering if someone knew what they > > mean and how can they be resolved . > > > For example : > > > ossec-agent: WARN: Error opening directory: 'C:\WINDOWS/System32/ > > telnet.exe': No such file or directory > > I see stuff like that all the time, haven't noticed it causing a problem yet. > > > This error pops every time the syscheck is run , though the file > > exists and is there.Also Windows is agnostic of the direction of the > > slashes , so there must not be a problem there.If you put the above > > bun in Windows run or in a cmd prompt and hit enter , your are > > presented with a telnet prompt. > > > Another group of mysterious errors that I do not know what affect they > > have to the monitoring ability of OSSEC are the following: > > > 2012/01/19 15:02:43 ossec-agent(1107): ERROR: Unable to create > > directory: '/var/ossec/queue/diff/local/:\WINDOWS' > > That's really strange. It seems like something may be amiss in your > config. Is the report_changes option set anywhere? > > > 2012/01/19 15:02:43 ossec-agent(1124): ERROR: Unable to rename file: > > 'C:\WINDOWS/System32/drivers/etc/hosts'. > > I'd have to search the src for the above 2 errors to get any > understanding of the context. > > > > > What do they mean ? The first error (1107) refers to Ossec server > > path ? > > > Anyone else noticed this behavior ? > > > I am trying to troubleshoot Ossec's Windows monitoring unstable > > behavior and am wondering if the above errors are responsible. > > > Thank you > > What do you mean by "unstable behavior?"
