Hi all,
I think that the issue you referred to is not the cause of this problem: it
will write the merged.mg as a binary file, but this shouldn't matter because
OSSEC and Wazuh compute the MD5 of the shared file (merged.mg) as a text file, so
the hash should match.
As I said before IMHO the issue
Hi Jose,
Thanks for your answer, I send you the log:
2017/08/01 13:44:10 ossec-remoted(1103): ERROR: Unable to open file '/queue/rids/001'.
2017/08/01 15:19:33 ossec-remoted(1103): ERROR: Unable to open file
In addition, the host sends alerts to my email but is still disconnected... how
can that be?
=S
On Thursday, August 3, 2017, 12:48:04 (UTC-5), Carlos Islas wrote:
>
> Hi Jose,
>
> Thanks for your answer, I send you the log:
>
> 2017/08/01 13:44:10 ossec-remoted(1103): ERROR: Unable to open
So, I did find my problem, sort-of. The log is coming through in multiline
format, so when I grepped for "sysmon", I only got the first line and
missed all of the good info. I am using ossec in Alienvault, so that may
complicate things a bit. I know that what I need to do is to force ossec
Hi, I'm trying to get OSSEC to alert on sysmon logs. After installing
sysmon, and setting to yes, I do get sysmon events in
archives.log, but I don't get anything useful. The lines stop after the
event description: For example:
2017 Aug 03 00:00:35 (Win7-1) 0.0.0.0->WinEvtLog 2017 Aug 03