Hello, we have Ossec deployed across our environment and have been encountering
a couple of issues with registry keys lately. We are running the agents on
Windows and using version 8.1. We monitor some custom registry keys but we have
been seeing an error occurring and it doesn't track any of the changes. It is
also having issues with some generic windows registry keys as
follows;2015/06/24 08:07:02 ossec-agent(1758): ERROR: Unable to open registry
key:
'SYSTEM\ControlSet001\services\MpsSvc\Parameters\PortKeywords\DHCP'.2015/06/24
08:07:02 ossec-agent(1758): ERROR: Unable to open registry key:
'SYSTEM\ControlSet001\services\MpsSvc\Parameters\PortKeywords\IPTLSIn'.2015/06/24
08:07:02 ossec-agent(1758): ERROR: Unable to open registry key:
'SYSTEM\ControlSet001\services\MpsSvc\Parameters\PortKeywords\IPTLSOut'.2015/06/24
08:07:02 ossec-agent(1758): ERROR: Unable to open registry key:
'SYSTEM\ControlSet001\services\MpsSvc\Parameters\PortKeywords\RPC-EPMap'.2015/06/24
08:07:02 ossec-agent(1758): ERROR: Unable to open registry key:
'SYSTEM\ControlSet001\services\MpsSvc\Parameters\PortKeywords\Teredo'.We are
seeing the exact same error on our custom keys. I turned debugging on but it
just says attempting to read the registry key and then the above error. I have
checked the permissions and SYSTEM has full control so I am at a loss for why
it can't open the registry key.Any help would be appreciated.Thanks
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
