On Mon, Nov 12, 2018 at 5:25 PM Giorgio Biondi <[email protected]> wrote:
>
> Hi all,
>
> I tried to follow the documentation for active AR on Windows ..
> I think it does not work .. Has anyone had positive results?
>

I haven't tried it, but your configuration is missing. Can you provide it?

> I have followed this:
> https://ossec-docs.readthedocs.io/en/latest/manual/ar/ar-windows.html
>
> In the log of my Windows machine I have this:
>
> 2018/11/12 23:03:41 ossec-execd: INFO: Active response command not present: 'active-response/bin/restart-ossec.sh'. Not using it on this system.
>
> 2018/11/12 23:03:41 ossec-execd: INFO: Active response command not present: 'active-response/bin/host-deny.sh'. Not using it on this system.
>
> 2018/11/12 23:03:41 ossec-execd: INFO: Active response command not present: 'active-response/bin/firewall-drop.sh'. Not using it on this system.
>
> 2018/11/12 23:03:59 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
>
> 2018/11/12 23:03:59 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
>
> 2018/11/12 23:04:03 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed).
>
> 2018/11/12 23:04:13 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database).
>
> 2018/11/12 23:04:33 rootcheck: INFO: Starting rootcheck scan.
>
> 2018/11/12 23:04:33 INFO: Attempted to check FS status for 'C:\WINDOWS', but we don't know how on this OS.
>
> 2018/11/12 23:04:33 INFO: Attempted to check FS status for 'C:\Program Files', but we don't know how on this OS.
>
> 2018/11/12 23:04:38 rootcheck: INFO: Ending rootcheck scan.
>
> 2018/11/12 23:05:45 ossec-execd(1311): ERROR: Invalid command name 'route-null' provided.
>
> 2018/11/12 23:07:21 ossec-logcollector(1904): INFO: File not available, ignoring it: 'C:\Windows\pfirewall.log'.
>
> 2018/11/12 23:07:29 ossec-execd(1311): ERROR: Invalid command name 'win_nullroute' provided.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
