Yeah, there was this: https://github.com/awiddersheim/ossec-hids/commit/262630f63674c8e0e5928bf8a002d0a31114e2d6
Not sure that is the problem. Could be a number of things potentially. Is there a tmp directory in the OSSEC directory? Maybe something stupid with permissions? Might be worth using some of the pstools (ProcMon, ProcExp) to see where OSSEC is trying to make those files and see what it might be dying on. Those bookmarks are used to keep track of where OSSEC was last reading from the eventlog so that when you stop/start the service it can pick up where it left off. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
