Creating the tmp dir and restarting services appeared to have fixed it. To be sure, I did a clean re-install and created the tmp dir prior to the eventchannel config--After startup, there are currently no bookmark errors.
I also confirmed once again that the eventchannel logs are being parsed correctly. -Josh On Friday, October 9, 2015 at 8:16:51 PM UTC-4, SoulAuctioneer wrote: > > Are there errors in the OSSEC log after you create the tmp directory in > the OSSEC directory and restart everything? > > Looks like the installer needs the following: > > > https://github.com/ossec/ossec-hids/blame/master/src/win32/ossec-installer.nsi#L146 > > https://github.com/ossec/ossec-hids/blame/master/src/win32/ossec-installer.nsi#L422 > > https://github.com/ossec/ossec-hids/blame/master/src/win32/ossec-installer.nsi#L438 > > Some Procmon errors like "Name Not Found" can probably be expected when > things first start up since OSSEC will try to ascertain if a bookmark file > exists but that shouldn't result in an error in the OSSEC logs. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
