I confirmed in the code that the query is getting passed to EvtSubscribe() and an error should get generated and show in the logs if the query is malformed in any way. There have been a large number of changes to the eventchannel code in 2.9, which is still beta. Let me find a download link for that version and have you try it out there. If it still doesn't work, we can do some deeper dive troubleshooting.
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
