[ossec-list] Re: Windows Agent Issues
- To: ossec-list@xxxxxxxxxxxxxxxx
- Subject: [ossec-list] Re: Windows Agent Issues
- From: Rob <jnrelliott@xxxxxxxxx>
- Date: Wed, 28 Feb 2007 09:00:52 -0600
Michael,
Do you mean the syschecklocal.db? I noticed it creates a new one every time I restart the agent. After that, I can make a change to the file system and it will alert me. However, any more changes after the first syscheck, I don't receive any notifications. Weird.
Thanks,
Robert
On 2/27/07, Michael Starks <ossec@xxxxxxxxxxxxxxxxx> wrote:
Rob wrote:
> Hello all,
> Currently I'm running 1.0 of the Windows Client and the server on Fedora
> 5. I can restart the agent and I get email when it connects. The issue
> I have is the client will only do a file/folder syscheck when I restart
> the agent. I'm getting registry notifications, but nothing about the
> file system. Is it possible that auto ignore is still on even though
> I've indicated to NOT turn it on?
I'm not sure if this will help, but try updating the database.
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.