Do you have the command set in the local agent machine ossec.conf? Have you restarted the OSSEC agent?
What Windows OS? If you run the power shell command by itself in cmd.exe on the agent, does it provide results similar to the example? powershell.exe -command "gwmi win32_diskdrive | select Model,InterfaceType,serialnumber,Size,MediaType,CapabilityDescriptions > C:\temp\test.txt ; (gc C:\temp\test.txt | select -Skip 2)" Scott Klauminzer Director of Information Technology & Security Sent from my iPad On Oct 27, 2012, at 11:10 AM, Alejandro Martinez <[email protected]> wrote: > Hi > > I'm trying to use check_diff feature to check connected USB devices. > > I've followed the steps here > > https://groups.google.com/forum/?fromgroups=#!topic/ossec-list/1t6dnbzMZzM > > but my diff folder iis always empty. > > That feature is enabled by default or do I havve to compile including it ? > > I'm using 2.6 > > Thanks.
