But web1 is a RHEL 5.3 system.
Why would OSSEC have done this? What triggered it thinking there was
supposed to be a Windows registry there? Nothing in the config has
anything mentioning the registry. Is there some way to remove the
erroneous "syscheck->registry" entry and make sure OSSEC doesn't
recreate it?
-Alan
That's strange... Maybe you had a Windows box with the same name/IP
before? If you remove that file inside the queue it should not show
up anymore.
Btw, can you see what is inside that file? If it has real registry
entries, then almost surely you had a Windows agent before with that
name...
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
Any ideas about this? Suddenly in my UI I have almost all my Linux
hosts showing with a "Windows registry" entry.
What part of the client or server makes the decision to create this, and
guesses wrong?
-Alan