On Tue, Mar 26, 2019 at 1:19 PM Abid Raza <[email protected]> wrote: > > How can I fix the following errors from OSSEC.log file? > > > 37 ossec-agent(1758): ERROR: Unable to open registry key: > 'System\CurrentControlSet\Services\DHCPServer\ServicePrivateData'. >
These registry entries might not exist, or they're only reachable to 64bit applications. The windows agent is currently 32bit. I've done a little bit of playing around with 64bit builds, but haven't gotten very far, and I haven't seen much interest anyway. > 2019/03/25 17:45:24 ossec-agent(1758): ERROR: Unable to open registry key: > 'System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\DHCP'. > > 2019/03/25 17:45:24 ossec-agent(1758): ERROR: Unable to open registry key: > 'System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn'. > > 2019/03/25 17:45:24 ossec-agent(1758): ERROR: Unable to open registry key: > 'System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut'. > > 2019/03/25 17:45:24 ossec-agent(1758): ERROR: Unable to open registry key: > 'System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap'. > > 2019/03/25 17:45:24 ossec-agent(1758): ERROR: Unable to open registry key: > 'System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo'. > > 2019/03/25 17:45:57 ossec-agent(1758): ERROR: Unable to open registry key: > 'System\CurrentControlSet\Services\PolicyAgent\Parameters\Cache'. > > 2019/03/25 17:48:39 ossec-agent(1758): ERROR: Unable to open registry key: > 'Software\Microsoft\Windows\CurrentVersion\RunOnceEx'. > > 2019/03/25 17:50:01 ossec-agent: WARN: Error opening directory: > 'C:\boot.ini': No such file or directory > > 2019/03/25 17:50:01 ossec-agent: WARN: Error opening directory: > 'C:\Windows/System32/CONFIG.NT': No such file or directory > > 2019/03/25 17:50:01 ossec-agent: WARN: Error opening directory: > 'C:\Windows/System32/AUTOEXEC.NT': No such file or directory > > 2019/03/25 17:50:01 ossec-agent: WARN: Error opening directory: > 'C:\Windows/System32/debug.exe': No such file or directory > > 2019/03/25 17:50:01 ossec-agent: WARN: Error opening directory: > 'C:\Windows/System32/drwatson.exe': No such file or directory > > 2019/03/25 17:50:01 ossec-agent: WARN: Error opening directory: > 'C:\Windows/System32/drwtsn32.exe': No such file or directory > > 2019/03/25 17:50:01 ossec-agent: WARN: Error opening directory: > 'C:\Windows/System32/edlin.exe': No such file or directory > > 2019/03/25 17:50:01 ossec-agent: WARN: Error opening directory: > 'C:\Windows/System32/eventtriggers.exe': No such file or directory > > 2019/03/25 17:50:01 ossec-agent: WARN: Error opening directory: > 'C:\Windows/System32/rcp.exe': No such file or directory > > 2019/03/25 17:50:01 ossec-agent: WARN: Error opening directory: > 'C:\Windows/System32/rexec.exe': No such file or directory > > 2019/03/25 17:50:01 ossec-agent: WARN: Error opening directory: > 'C:\Windows/System32/rsh.exe': No such file or directory > > 2019/03/25 17:50:03 ossec-agent: WARN: Error opening directory: > 'C:\Windows/System32/telnet.exe': No such file or directory > > 2019/03/25 17:50:03 ossec-agent: WARN: Error opening directory: > 'C:\Windows/System32/tftp.exe': No such file or directory > > 2019/03/25 17:50:03 ossec-agent: WARN: Error opening directory: > 'C:\Windows/System32/tlntsvr.exe': No such file or directory > > 2019/03/25 17:50:03 ossec-agent: WARN: Error opening directory: > 'C:\Users/Public/All Users/Microsoft/Windows/Start Menu/Startup': No such > file or directory > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
