Problem retrieving data from specific Windows Event Viewer Channel

[Stefano Serano]

Hi all again

I'm trying to get data from a specific channel in Windows, with this configuration below that i've share to my agents i'm able to get the data from all my agents except for 2:

 <localfile>

      <location>Veeam Backup</location>

      <log_format>eventchannel</log_format>

    </localfile>

In this channel i generate throught  a script some event that wazuh is unable to collect generating me this error:

2020/05/08 17:47:58 ossec-agent: ERROR: Could not get message for (¨8%)

2020/05/08 17:47:58 ossec-agent: ERROR: Could not EvtFormatMessage() to determine buffer size with flags (1) which returned (15027)

Let me know if you can understand why.

Have a nice day

[Borja Arroba]

Hi Stefano,

The error message obtained from EvtFormatMessage() output is as follows:

The message resource is present, but the message is not found in the string or message table.

Could you provide more information about the events generated with your script?

Regards.

[Kudret ÇAĞLAYAN]

It's been a long time, but were you able to transfer the Veeam backup logs to Wazuh?

11 Mayıs 2020 Pazartesi tarihinde saat 11:31:04 UTC+3 itibarıyla Borja Arroba şunları yazdı: