Swati, Are you using Event Trace Logs? (.etl format)
-Josh On Tuesday, September 8, 2015 at 5:16:19 AM UTC-4, Swati wrote: > > Thanks Santiago! Yes, I am using eventchannel in the agents. > > Kind Regards > Swati > > On Tuesday, 1 September 2015 19:44:45 UTC+1, Santiago Bassett wrote: >> >> Hi Swati, >> >> are you using eventchannel in the agents? Have a look at this email >> thread: >> >> https://groups.google.com/forum/#!topic/ossec-list/o1SXX5Wk0A0 >> >> Best >> >> On Wed, Aug 26, 2015 at 3:33 AM, Swati <[email protected]> wrote: >> >>> Apart from the bookmark message I am getting "ossec-agent: Subscription >>> error: 15007. Any idea?? >>> >>> >>> On Tuesday, 11 August 2015 11:46:54 UTC+1, Swati wrote: >>>> >>>> I have ossec 2.8.2. My ossec agent conf file contains lots of windows >>>> event id filters. >>>> Any idea why I would get a message "ossec-agent: Could not create >>>> bookmark from save (15008)" when I start the ossec-agent? >>>> >>>> Thanks >>>> Swati >>>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "ossec-list" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
