I had the same problem and compared the backslash forward slash to a known working system. I had to actually delete the agent file from the /var/ossec/rids directory (don't quote me on the directory, I'm on my phone, can't check for accuracy). Restarted ossec and stopped and restarted on the Windows machine and everything was working fine. I can submit more info later.

--
Michael D. Wood
ITSecurityPros.org
www.itsecuritypros.org

----- Reply message -----
From: "carlopmart" <[email protected]>
To: <[email protected]>
Subject: [ossec-list] Errors with telnet.exe binary under Windows 2008 R2
Date: Sat, Aug 25, 2012 4:27 pm

On 08/25/2012 10:18 PM, Michael Starks wrote:
> On 08/25/2012 02:17 PM, Ryan Schulze wrote:
>> forward slash, backslash problem ?
>>
>> 'C:\Windows/System32/telnet.exe' != 'C:\Windows\System32\telnet.exe'
>
> 'C:\Windows/System32/telnet.exe' is correct. I was thinking perhaps it is
> a problem with the MAC label not allowing ossec access to the file.

MAC label?? Uhmm, maybe you are right ... What permissions do I need to set up in this binary?? At this moment SYSTEM, Administrators and Users use Read & Execute ... Only TrustedInstaller has full control ...

--
CL Martinez
carlopmart {at} gmail {d0t} com
