I tried cleaning but still it show only registry modification in the web Gui. I can check the file modification with syscheck.
On Friday, February 28, 2014 5:04:03 AM UTC-8, dan (ddpbsd) wrote: > > On Thu, Feb 27, 2014 at 4:37 PM, moe hans <[email protected] <javascript:>> > wrote: > > We recently installed OSSEC server and monitoring 5 window 2008 server > for > > reg modification and registry modification. It works fine for 3 servers > but > > for two of them it is only showing registry modification but no file > > modifications in integrity check ---> dump database. Although we do get > > email alerts when a file get modified on that server. I check the > > configuration on all the servers is same. Any idea but it could be. Al > > > > Check the permissions of those agents' syscheck databases. I'd > consider clearing them out and letting the system create a new > baseline too. > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/groups/opt_out. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
