FIM Issue
17 views
Skip to first unread message
DIWAHAR RAHAWID
Mar 3, 2026, 4:27:17 AM (yesterday) Mar 3
to Wazuh | Mailing List
Hi Team,
I have configured Realtime monitoring for some folders on the server but it is not working as expected, I found some errors in the agent log as given below,
2026/03/03 03:39:11 wazuh-agent: ERROR: Could not move (C:\Program Files (x86)\ossec-agent\queue\diff/tmp/tmp-entry.gz) to (C:\Program Files (x86)\ossec-agent\queue\diff/file/d7fa17e882a7e3e9a0328553065d5615baf57812/last-entry.gz) which returned (32)
2026/03/03 03:39:11 wazuh-agent: ERROR: (1124): Could not rename file 'C:\Program Files (x86)\ossec-agent\queue\diff/tmp/tmp-entry.gz' to 'C:\Program Files (x86)\ossec-agent\queue\diff/file/d7fa17e882a7e3e9a0328553065d5615baf57812/last-entry.gz' due to [(17)-(File exists)].
2026/03/03 03:39:11 wazuh-agent: ERROR: (1124): Could not rename file 'C:\Program Files (x86)\ossec-agent\queue\diff/tmp/tmp-entry.gz' to 'C:\Program Files (x86)\ossec-agent\queue\diff/file/d7fa17e882a7e3e9a0328553065d5615baf57812/last-entry.gz' due to [(17)-(File exists)].
Is there any way to rectify this or any configuration need to be changed.
Regards
Diwahar
Md. Nazmur Sakib
Mar 3, 2026, 5:37:13 AM (yesterday) Mar 3
to Wazuh | Mailing List
Hello Diwahar,
We have encountered similar errors in versions prior to 4.14.0 when real-time FIM was configured using agent group configuration.
We have added the fix in 4.14.0. So if you upgrade your agents to 4.14.0 or above, this should resolve the issue. If you decide to upgrade, keep in mind that the agent version should be the same or lower than the manager version.
You can read more about this in this GitHub issue.
https://github.com/wazuh/wazuh/issues/32614
If you have an older version of the agent, you can configure the FIM configuration in the endpoint’s ossec.conf
Let me know if you need any further information on this.
Reply all
Reply to author
Forward
0 new messages