Oh I see. I don't currently have any Windows agents, so I cannot help you there. All my work machines are Linux RHEL5 or SunOS.
Could go on the agent-side machine and open up the /etc/ossec.log folder and paste the errors from there? There should be more information. Also when you try to restart, does the agent start up correctly? On Friday, July 5, 2013 11:54:34 AM UTC-4, Daniel Jochims wrote: > > I know that they are not there, but I keep them in the config for older > servers that will still have those files/paths. The errors are not my > problem, I'm just looking for what other peoples ossec.conf on their agent > look like. I'm trying to get a perspective on other files that they may be > monitoring on that I currently am not. An example is how I'm trying to > monitor bcdedit.exe. That file was the replacement for boot.ini in newer > windows operating systems. I'm just not getting it implemented correctly, > which is why im looking for a more experienced persons agents ossec.conf > file to base rules off of. > > On Friday, July 5, 2013 9:29:52 AM UTC-5, David Blanton wrote: > >> If you've removed those paths/directories to being monitored, try >> restarting OSSEC and the agent as well. >> >> /var/ossec/bin/agent_control -R ### >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
