On Mon, May 30, 2016 at 9:31 AM, Paul_H <paulh...@gmail.com> wrote:
> Hi Rocio, thanks for the reply. I created the file on the manager, included
> your statements, and restarted; however, I am still seeing the error messages
> that the manager is unable to open the directories:
>
> 2016/05/30 08:47:50 ossec-syscheckd: WARN: Error opening directory:
> '%WINDIR%/system32': No such file or directory
> 2016/05/30 08:47:50 ossec-syscheckd: WARN: Error opening directory:
> 'C:/Admin': No such file or directory
> 2016/05/30 08:48:12 ossec-syscheckd: INFO: Ending syscheck scan.
> 2016/05/30 09:03:12 ossec-syscheckd: INFO: Starting syscheck scan.
>
The OSSEC manager is not running Windows, so "%WINDIR%/system32" does
not make sense there.
Add that entry to the Windows agent's ossec.conf and restart the service.
>
>
> On Thursday, May 26, 2016 at 12:31:07 PM UTC-4, Paul_H wrote:
>>
>> Hello, kinda new to OSSEC and have a problem with the integrity check
>> (among some others) not sending alerts for our Windows machines. I have
>> tested it on our CentOS 7 boxes and it is working fine for them. I have read
>> other posts here on the subject and the only thing I found was that you have
>> to turn off UAC which we do.
>> In the log file I see an entry for: ossec-syscheckd: WARN: Error opening
>> directory: '%WINDIR%/system32': No such file or directory but I am not sure
>> how to troubleshoot this. I turned on debug and have included the logs and
>> ossec.conf file...any suggestions would help
>
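The check below is an added example, not part of the thread or of OSSEC itself: it scans a manager's ossec.log for the syscheck warning quoted above and separates Windows-style paths (entries that belong in the Windows agent's ossec.conf) from local directories that are simply missing. The sample log is constructed from the lines in the thread plus one made-up Unix path and one repeated warning; the function name and the path-matching rule are assumptions of this example.

```python
import re
import sys

# Format of the syscheck warning as it appears in the thread's log excerpt.
WARN_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} ossec-syscheckd: WARN: "
    r"Error opening directory: '([^']*)'"
)
# Assumption: a path is "Windows-style" if it starts with %VAR% or a drive letter.
WINDOWS_PATH_RE = re.compile(r"^(?:%[^%/\\]+%|[A-Za-z]:[\\/])")

# Constructed sample: lines from the thread, one made-up Unix path, one repeat.
SAMPLE_LOG = """\
2016/05/30 08:47:50 ossec-syscheckd: WARN: Error opening directory: '%WINDIR%/system32': No such file or directory
2016/05/30 08:47:50 ossec-syscheckd: WARN: Error opening directory: 'C:/Admin': No such file or directory
2016/05/30 08:47:51 ossec-syscheckd: WARN: Error opening directory: '/opt/missing': No such file or directory
2016/05/30 08:48:12 ossec-syscheckd: INFO: Ending syscheck scan.
2016/05/30 09:03:12 ossec-syscheckd: INFO: Starting syscheck scan.
2016/05/30 09:03:13 ossec-syscheckd: WARN: Error opening directory: '%WINDIR%/system32': No such file or directory
"""


def classify_syscheck_warnings(log_text):
    """Group unopenable syscheck directories into Windows-style and other paths."""
    result = {"windows_style": [], "other": []}
    for line in log_text.splitlines():
        match = WARN_RE.match(line.strip())
        if not match:
            continue  # not a "Error opening directory" warning
        path = match.group(1)
        bucket = "windows_style" if WINDOWS_PATH_RE.match(path) else "other"
        if path not in result[bucket]:  # the warning repeats on every scan
            result[bucket].append(path)
    return result


if __name__ == "__main__":
    # Pass the manager's log file as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    found = classify_syscheck_warnings(text)
    for path in found["windows_style"]:
        print(f"move to the Windows agent's ossec.conf: {path}")
    for path in found["other"]:
        print(f"missing on this host: {path}")
```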