Josh, I am using the .etl format.
Thanks Swati On Monday, 12 October 2015 14:43:22 UTC+1, DefensiveDepth wrote: > Swati, > > Are you using Event Trace Logs? (.etl format) > > -Josh > > > > On Tuesday, September 8, 2015 at 5:16:19 AM UTC-4, Swati wrote: >> >> Thanks Santiago! Yes, I am using eventchannel in the agents. >> >> Kind Regards >> Swati >> >> On Tuesday, 1 September 2015 19:44:45 UTC+1, Santiago Bassett wrote: >>> >>> Hi Swati, >>> >>> are you using eventchannel in the agents? Have a look at this email >>> thread: >>> >>> https://groups.google.com/forum/#!topic/ossec-list/o1SXX5Wk0A0 >>> >>> Best >>> >>> On Wed, Aug 26, 2015 at 3:33 AM, Swati <[email protected]> wrote: >>> >>>> Apart from the bookmark message I am getting "ossec-agent: Subscription >>>> error: 15007. Any idea?? >>>> >>>> >>>> On Tuesday, 11 August 2015 11:46:54 UTC+1, Swati wrote: >>>>> >>>>> I have ossec 2.8.2. My ossec agent conf file contains lots of windows >>>>> event id filters. >>>>> Any idea why I would get a message "ossec-agent: Could not create >>>>> bookmark from save (15008)" when I start the ossec-agent? >>>>> >>>>> Thanks >>>>> Swati >>>>> >>>> -- >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "ossec-list" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
