Hello, But the telnet.exe exists at the directory C:\WINDOWS/System32/ and still we get the error. Why create a file under SysWOW64? Ossec.conf doesn't specify this path anyway and in addition Windows 2003 default security protects these executables. You cannot change them , like renaming them or placing a file with the same name at the same directory etc.
For the above reason(Windows default security) I am more interested in the other two errors. 2012/01/19 15:02:43 ossec-agent(1107): ERROR: Unable to create directory: '/var/ossec/queue/diff/local/:\WINDOWS' 2012/01/19 15:02:43 ossec-agent(1124): ERROR: Unable to rename file: 'C:\WINDOWS/System32/drivers/etc/hosts'. Not that the telnet errors and the like are of no interest too. There should not be such errors since the files exit at the specified path. Thank you. On Feb 7, 6:53 pm, sunny <[email protected]> wrote: > Assuming this is a 64 bit version of Windows.... > > Can you create the following file: > > C:\WINDOWS\SysWOW64\telnet.exe > > It can just be empty.... and restart ossec and see if the message > goes away? > > Jeff > > On Feb 3, 8:04 am, alsdks <[email protected]> wrote: > > > > > > > > > Hello list, > > > Windows Ossec agent , default ossec.conf configuration, spits out a > > lot of errors I believe others have noticed it as well but I could > > not find a relative post .I was wondering if someone knew what they > > mean and how can they be resolved . > > > For example : > > > ossec-agent: WARN: Error opening directory: 'C:\WINDOWS/System32/ > > telnet.exe': No such file or directory > > > This error pops every time the syscheck is run , though the file > > exists and is there.Also Windows is agnostic of the direction of the > > slashes , so there must not be a problem there.If you put the above > > bun in Windows run or in a cmd prompt and hit enter , your are > > presented with a telnet prompt. > > > Another group of mysterious errors that I do not know what affect they > > have to the monitoring ability of OSSEC are the following: > > > 2012/01/19 15:02:43 ossec-agent(1107): ERROR: Unable to create > > directory: '/var/ossec/queue/diff/local/:\WINDOWS' > > > 2012/01/19 15:02:43 ossec-agent(1124): ERROR: Unable to rename file: > > 'C:\WINDOWS/System32/drivers/etc/hosts'. > > > What do they mean ? The first error (1107) refers to Ossec server > > path ? > > > Anyone else noticed this behavior ? > > > I am trying to troubleshoot Ossec's Windows monitoring unstable > > behavior and am wondering if the above errors are responsible. > > > Thank you
