Bookmark Messages from OSSEC Agent
111 views
Skip to first unread message
Swati
Aug 11, 2015, 6:46:54 AM8/11/15
to ossec-list
I have ossec 2.8.2. My ossec agent conf file contains lots of windows event id filters.
Any idea why I would get a message "ossec-agent: Could not create bookmark from save (15008)" when I start the ossec-agent?
Thanks
Swati
Any idea why I would get a message "ossec-agent: Could not create bookmark from save (15008)" when I start the ossec-agent?
Thanks
Swati
Swati
Aug 26, 2015, 7:10:16 AM8/26/15
to ossec-list
Apart from the bookmark message I am getting "ossec-agent: Subscription error: 15007. Any idea??
Santiago Bassett
Sep 1, 2015, 2:44:45 PM9/1/15
to ossec...@googlegroups.com
Hi Swati,
are you using eventchannel in the agents? Have a look at this email thread:
Best
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Swati
Sep 8, 2015, 5:16:19 AM9/8/15
to ossec-list
Thanks Santiago! Yes, I am using eventchannel in the agents.
Kind Regards
Swati
Kind Regards
Swati
DefensiveDepth
Oct 12, 2015, 9:43:22 AM10/12/15
to ossec-list
Swati,
Are you using Event Trace Logs? (.etl format)
-Josh
Swati
Oct 12, 2015, 10:01:28 AM10/12/15
to ossec-list
Josh,
I am using the .etl format.
Thanks
Swati
DefensiveDepth
Oct 12, 2015, 11:17:10 AM10/12/15
to ossec-list
This issue is still outstanding... There is an open issue for it (https://github.com/ossec/ossec-hids/issues/665)
The fix I am working on rolling out to stable is unrelated...
Sorry!
-Josh
Reply all
Reply to author
Forward
0 new messages