Hi, I hope someone can shed light onto the following behaviour of OSSEC 2.7. We have added custom registry hives to monitor by amending client side ossec.conf file. Syntax is correct. Events wise, as soon as the syscheck completed, we can see "New registry items added" going through. After this, neither deletes no modifies are reported. If we create a new entry again, under the previous one, it's again reported as "new registry item", but modify and deletes are ignored. I would like to note, that this does not happen to the default registry items which are populated in client side ossec.conf during installation.
Any clues? Cheers. Nazim. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
