2016/05/26 10:21:31 ossec-dbd: INFO: Chrooted to directory: /var/ossec, using user: ossecm
2016/05/26 10:21:31 ossec-dbd: INFO: Started (pid: 9318).
2016/05/26 10:21:33 ossec-syscheckd: INFO: (unix_domain) Maximum send buffer set to: '212992'.
2016/05/26 10:21:33 ossec-syscheckd: INFO: Started (pid: 9346).
2016/05/26 10:21:33 ossec-rootcheck: INFO: Started (pid: 9346).
2016/05/26 10:21:33 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2016/05/26 10:21:33 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2016/05/26 10:21:33 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
2016/05/26 10:21:33 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
2016/05/26 10:21:33 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
2016/05/26 10:21:33 ossec-syscheckd: INFO: Monitoring directory: '%WINDIR%/system32'.
2016/05/26 10:21:33 ossec-syscheckd: INFO: Monitoring directory: 'C:/Admin'.
2016/05/26 10:21:33 ossec-syscheckd: INFO: Directory set for real time monitoring: '/etc'.
2016/05/26 10:21:33 ossec-syscheckd: INFO: Directory set for real time monitoring: '/usr/bin'.
2016/05/26 10:21:33 ossec-syscheckd: INFO: Directory set for real time monitoring: '/usr/sbin'.
2016/05/26 10:21:33 ossec-syscheckd: INFO: Directory set for real time monitoring: '/bin'.
2016/05/26 10:21:33 ossec-syscheckd: INFO: Directory set for real time monitoring: '/sbin'.
2016/05/26 10:21:33 ossec-syscheckd: INFO: Directory set for real time monitoring: '%WINDIR%/system32'.
2016/05/26 10:21:33 ossec-syscheckd: INFO: Directory set for real time monitoring: 'C:/Admin'.
2016/05/26 10:21:34 ossec-logcollector: INFO: (unix_domain) Maximum send buffer set to: '212992'.
2016/05/26 10:21:34 ossec-logcollector: DEBUG: Entering LogCollectorStart().
2016/05/26 10:21:34 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/messages'.
2016/05/26 10:21:34 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/secure'.
2016/05/26 10:21:34 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/maillog'.
2016/05/26 10:21:34 ossec-logcollector(1952): INFO: Monitoring variable log file: 'd:\wwwlogs\W3SVC1\u_ex160526.log'.
2016/05/26 10:21:34 ossec-logcollector(1103): ERROR: Unable to open file 'd:\wwwlogs\W3SVC1\u_ex160526.log'.
2016/05/26 10:21:34 ossec-logcollector(1950): INFO: Analyzing file: 'd:\wwwlogs\W3SVC1\u_ex160526.log'.
2016/05/26 10:21:34 ossec-logcollector(1952): INFO: Monitoring variable log file: 'c:\System32\LogFiles\W3SVC1\ex160526.log'.
2016/05/26 10:21:34 ossec-logcollector(1103): ERROR: Unable to open file 'c:\System32\LogFiles\W3SVC1\ex160526.log'.
2016/05/26 10:21:34 ossec-logcollector(1950): INFO: Analyzing file: 'c:\System32\LogFiles\W3SVC1\ex160526.log'.
2016/05/26 10:21:34 ossec-logcollector(1103): ERROR: Unable to open file 'c:\inetpub\wwwroot'.
2016/05/26 10:21:34 ossec-logcollector(1950): INFO: Analyzing file: 'c:\inetpub\wwwroot'.
2016/05/26 10:21:34 ossec-logcollector(1952): INFO: Monitoring variable log file: 'c:\inetpub\logs\LogFiles\W3SVC1\ex160526.log'.
2016/05/26 10:21:34 ossec-logcollector(1103): ERROR: Unable to open file 'c:\inetpub\logs\LogFiles\W3SVC1\ex160526.log'.
2016/05/26 10:21:34 ossec-logcollector(1950): INFO: Analyzing file: 'c:\inetpub\logs\LogFiles\W3SVC1\ex160526.log'.
2016/05/26 10:21:34 ossec-logcollector(1103): ERROR: Unable to open file 'd:\SQLTrace'.
2016/05/26 10:21:34 ossec-logcollector(1950): INFO: Analyzing file: 'd:\SQLTrace'.
2016/05/26 10:21:34 ossec-logcollector: INFO: Started (pid: 9335).
2016/05/26 10:21:36 ossec-dbd(5203): ERROR: Error executing query 'INSERT INTO data(id, server_id, "user", full_log) VALUES ('17596859', '1', 'svc.SP15_SearchT', '2016 May 26 10:21:41 WinEvtLog: Security: AUDIT_SUCCESS(4634): Microsoft-Windows-Security-Auditing: svc.SP15_SearchT: xxxx: xxx.com: An account was logged off. Subject: Security ID: S-1-5-21-1821853822-1790990057-2091147243-17812 Account Name: svc.SP15_SearchT Account Domain: xxxx Logon ID: 0x2e09647b Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer." 4646,1') '. Error: 'ERROR: duplicate key value violates unique constraint "data_pkey" DETAIL: Key (id, server_id)=(17596859, 1) already exists. '.
2016/05/26 10:21:36 ossec-dbd(5209): INFO: Closing connection to database.
2016/05/26 10:21:36 ossec-dbd(5210): INFO: Attempting to reconnect to database.
2016/05/26 10:21:36 ossec-dbd: Connected to database 'ossecdb' at '127.0.0.1'.
2016/05/26 10:21:36 ossec-dbd(5204): ERROR: Database error. Unable to run query.
2016/05/26 10:21:39 ossec-monitord: INFO: (unix_domain) Maximum send buffer set to: '212992'.
2016/05/26 10:21:45 ossec-syscheckd: Setting SCHED_BATCH returned: 0
2016/05/26 10:22:35 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2016/05/26 10:22:35 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
2016/05/26 10:22:35 ossec-syscheckd: INFO: Initializing real time file monitoring (not started).
2016/05/26 10:22:35 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc'.
2016/05/26 10:22:35 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/httpd'.
2016/05/26 10:22:35 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/httpd/conf'.
2016/05/26 10:22:35 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/httpd/conf.d'.
2016/05/26 10:22:35 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/httpd/conf.modules.d'.
2016/05/26 10:22:37 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki'.
2016/05/26 10:22:37 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/rpm-gpg'.
2016/05/26 10:22:37 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/ca-trust'.
2016/05/26 10:22:37 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/ca-trust/extracted'.
2016/05/26 10:22:37 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/ca-trust/extracted/java'.
2016/05/26 10:22:37 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/ca-trust/extracted/openssl'.
2016/05/26 10:22:37 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/ca-trust/extracted/pem'.
2016/05/26 10:22:39 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/ca-trust/source'.
2016/05/26 10:22:39 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/ca-trust/source/anchors'.
2016/05/26 10:22:39 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/ca-trust/source/blacklist'.
2016/05/26 10:22:39 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/java'.
2016/05/26 10:22:39 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/tls'.
2016/05/26 10:22:39 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/tls/certs'.
2016/05/26 10:22:39 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/tls/misc'.
2016/05/26 10:22:41 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/tls/private'.
2016/05/26 10:22:41 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/nssdb'.
2016/05/26 10:22:41 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/CA'.
2016/05/26 10:22:41 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/CA/certs'.
2016/05/26 10:22:41 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/CA/crl'.
2016/05/26 10:22:41 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/CA/newcerts'.
2016/05/26 10:22:41 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/CA/private'.
2016/05/26 10:22:41 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/rsyslog'.
2016/05/26 10:22:41 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/product'.
2016/05/26 10:22:41 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pki/product-default'.
2016/05/26 10:22:41 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/rpm'.
2016/05/26 10:22:41 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/yum.repos.d'.
2016/05/26 10:22:43 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/yum'.
2016/05/26 10:22:43 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/yum/vars'.
2016/05/26 10:22:43 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/yum/protected.d'.
2016/05/26 10:22:43 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/yum/pluginconf.d'.
2016/05/26 10:22:43 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/yum/fssnap.d'.
2016/05/26 10:22:43 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/gss'.
2016/05/26 10:22:43 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/gss/mech.d'.
2016/05/26 10:22:45 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/rsyslog.d'.
2016/05/26 10:22:45 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/iproute2'.
2016/05/26 10:22:45 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/dbus-1'.
2016/05/26 10:22:45 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/dbus-1/system.d'.
2016/05/26 10:22:47 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/dbus-1/session.d'.
2016/05/26 10:22:47 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/binfmt.d'.
2016/05/26 10:22:47 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/selinux'.
2016/05/26 10:22:47 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/selinux/mls'.
2016/05/26 10:22:47 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/selinux/mls/setrans.d'.
2016/05/26 10:22:47 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/selinux/targeted'.
2016/05/26 10:22:49 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/selinux/targeted/contexts'.
2016/05/26 10:22:49 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/selinux/targeted/contexts/files'.
2016/05/26 10:22:51 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/selinux/targeted/contexts/users'.
2016/05/26 10:22:53 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/selinux/targeted/logins'.
2016/05/26 10:22:53 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/selinux/targeted/modules'.
2016/05/26 10:22:53 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/selinux/targeted/modules/active'.
2016/05/26 10:22:54 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/selinux/targeted/modules/active/modules'.
2016/05/26 10:23:44 ossec-logcollector(1904): INFO: File not available, ignoring it: 'c:\inetpub\wwwroot'.
2016/05/26 10:23:44 ossec-logcollector(1904): INFO: File not available, ignoring it: 'd:\SQLTrace'.
2016/05/26 10:23:48 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/selinux/targeted/policy'.
2016/05/26 10:23:48 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/lvm'.
2016/05/26 10:23:48 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/lvm/archive'.
2016/05/26 10:23:48 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/lvm/backup'.
2016/05/26 10:23:48 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/lvm/cache'.
2016/05/26 10:23:48 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/lvm/profile'.
2016/05/26 10:23:50 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/security'.
2016/05/26 10:23:50 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/security/console.apps'.
2016/05/26 10:23:50 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/security/console.perms.d'.
2016/05/26 10:23:50 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/security/limits.d'.
2016/05/26 10:23:50 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/security/namespace.d'.
2016/05/26 10:23:52 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/snmp'.
2016/05/26 10:23:52 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/audit'.
2016/05/26 10:23:52 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/audit/rules.d'.
2016/05/26 10:23:52 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/modules-load.d'.
2016/05/26 10:23:52 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/systemd'.
2016/05/26 10:23:54 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/systemd/system'.
2016/05/26 10:23:54 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/systemd/system/getty.target.wants'.
2016/05/26 10:23:54 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/systemd/system/multi-user.target.wants'.
2016/05/26 10:23:54 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/systemd/system/default.target.wants'.
2016/05/26 10:23:54 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/systemd/system/system-update.target.wants'.
2016/05/26 10:23:56 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/systemd/system/sockets.target.wants'.
2016/05/26 10:23:56 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/systemd/system/sysinit.target.wants'.
2016/05/26 10:23:56 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/systemd/system/remote-fs.target.wants'.
2016/05/26 10:23:56 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/systemd/user'.
2016/05/26 10:23:56 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/sysctl.d'.
2016/05/26 10:23:58 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/tmpfiles.d'.
2016/05/26 10:23:58 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/udev'.
2016/05/26 10:23:58 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/udev/rules.d'.
2016/05/26 10:23:58 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/ntp'.
2016/05/26 10:23:58 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/NetworkManager'.
2016/05/26 10:23:58 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/NetworkManager/dispatcher.d'.
2016/05/26 10:24:00 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/cron.weekly'.
2016/05/26 10:24:00 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/ppp'.
2016/05/26 10:24:02 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/ppp/peers'.
2016/05/26 10:24:02 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/php.d'.
2016/05/26 10:24:06 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/rwtab.d'.
2016/05/26 10:24:06 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/profile.d'.
2016/05/26 10:24:08 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/statetab.d'.
2016/05/26 10:24:08 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/samba'.
2016/05/26 10:24:08 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pear'.
2016/05/26 10:24:08 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/cron.hourly'.
2016/05/26 10:24:08 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/X11'.
2016/05/26 10:24:08 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/X11/applnk'.
2016/05/26 10:24:08 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/X11/fontpath.d'.
2016/05/26 10:24:08 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/X11/xorg.conf.d'.
2016/05/26 10:24:08 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/bash_completion.d'.
2016/05/26 10:24:08 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/opt'.
2016/05/26 10:24:08 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/opt/BESClient'.
2016/05/26 10:24:08 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pm'.
2016/05/26 10:24:08 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pm/config.d'.
2016/05/26 10:24:08 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pm/power.d'.
2016/05/26 10:24:08 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pm/sleep.d'.
2016/05/26 10:24:08 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/skel'.
2016/05/26 10:24:10 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/sysconfig'.
2016/05/26 10:24:10 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/sysconfig/cbq'.
2016/05/26 10:24:10 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/sysconfig/console'.
2016/05/26 10:24:10 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/sysconfig/modules'.
2016/05/26 10:24:10 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/sysconfig/network-scripts'.
2016/05/26 10:24:18 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/xdg'.
2016/05/26 10:24:18 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/xdg/autostart'.
2016/05/26 10:24:18 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/xdg/systemd'.
2016/05/26 10:24:18 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/xinetd.d'.
2016/05/26 10:24:18 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/fonts'.
2016/05/26 10:24:18 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/fonts/conf.d'.
2016/05/26 10:24:20 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/libreport'.
2016/05/26 10:24:20 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/libreport/events'.
2016/05/26 10:24:20 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/libreport/events.d'.
2016/05/26 10:24:20 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/libreport/plugins'.
2016/05/26 10:24:22 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/terminfo'.
2016/05/26 10:24:22 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/default'.
2016/05/26 10:24:22 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/prelink.conf.d'.
2016/05/26 10:24:22 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/ld.so.conf.d'.
2016/05/26 10:24:24 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/my.cnf.d'.
2016/05/26 10:24:24 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/popt.d'.
2016/05/26 10:24:24 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/alternatives'.
2016/05/26 10:24:26 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/chkconfig.d'.
2016/05/26 10:24:26 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/cron.d'.
2016/05/26 10:24:26 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/rc.d'.
2016/05/26 10:24:26 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/rc.d/init.d'.
2016/05/26 10:24:26 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/rc.d/rc0.d'.
2016/05/26 10:24:28 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/rc.d/rc1.d'.
2016/05/26 10:24:28 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/rc.d/rc2.d'.
2016/05/26 10:24:28 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/rc.d/rc3.d'.
2016/05/26 10:24:30 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/rc.d/rc4.d'.
2016/05/26 10:24:30 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/rc.d/rc5.d'.
2016/05/26 10:24:32 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/rc.d/rc6.d'.
2016/05/26 10:24:32 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/cron.monthly'.
2016/05/26 10:24:34 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/plymouth'.
2016/05/26 10:24:34 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/dracut.conf.d'.
2016/05/26 10:24:34 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/grub.d'.
2016/05/26 10:24:36 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/gcrypt'.
2016/05/26 10:24:36 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pkcs11'.
2016/05/26 10:24:36 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pkcs11/modules'.
2016/05/26 10:24:36 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/sasl2'.
2016/05/26 10:24:36 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/libnl'.
2016/05/26 10:24:36 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/dhcp'.
2016/05/26 10:24:36 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/dhcp/dhclient.d'.
2016/05/26 10:24:36 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/logrotate.d'.
2016/05/26 10:24:36 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/request-key.d'.
2016/05/26 10:24:38 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/ssl'.
2016/05/26 10:24:38 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/groff'.
2016/05/26 10:24:38 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/groff/site-font'.
2016/05/26 10:24:38 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/groff/site-tmac'.
2016/05/26 10:24:38 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/polkit-1'.
2016/05/26 10:24:38 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/polkit-1/rules.d'.
2016/05/26 10:24:38 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/polkit-1/localauthority'.
2016/05/26 10:24:38 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/polkit-1/localauthority/10-vendor.d'.
2016/05/26 10:24:38 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/polkit-1/localauthority/20-org.d'.
2016/05/26 10:24:38 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/polkit-1/localauthority/30-site.d'.
2016/05/26 10:24:38 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/polkit-1/localauthority/50-local.d'.
2016/05/26 10:24:38 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/polkit-1/localauthority/90-mandatory.d'.
2016/05/26 10:24:38 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/polkit-1/localauthority.conf.d'.
2016/05/26 10:24:38 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/modprobe.d'.
2016/05/26 10:24:38 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/pam.d'.
2016/05/26 10:24:42 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/gssproxy'.
2016/05/26 10:24:42 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/openldap'.
2016/05/26 10:24:42 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/openldap/certs'.
2016/05/26 10:24:44 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/at-spi2'.
2016/05/26 10:24:44 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/depmod.d'.
2016/05/26 10:24:44 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/cron.daily'.
2016/05/26 10:24:44 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/firewalld'.
2016/05/26 10:24:44 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/firewalld/icmptypes'.
2016/05/26 10:24:44 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/firewalld/services'.
2016/05/26 10:24:44 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/firewalld/zones'.
2016/05/26 10:24:44 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/ssh'.
2016/05/26 10:24:46 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/exports.d'.
2016/05/26 10:24:46 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/gnupg'.
2016/05/26 10:24:46 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/auto.master.d'.
2016/05/26 10:24:48 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/audisp'.
2016/05/26 10:24:48 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/audisp/plugins.d'.
2016/05/26 10:24:48 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/cifs-utils'.
2016/05/26 10:24:48 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/sudoers.d'.
2016/05/26 10:24:50 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/etc/python'.
2016/05/26 10:24:52 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/usr/bin'.
2016/05/26 10:26:49 ossec-syscheckd: DEBUG: Directory added for real time monitoring: '/usr/sbin'.
2016/05/26 10:27:11 ossec-remoted(1403): ERROR: Incorrectly formated message from 'xxx.xxx.xxx.98'.
2016/05/26 10:27:18 ossec-remoted(1403): ERROR: Incorrectly formated message from 'xxx.xxx.xxx.98'.
2016/05/26 10:27:22 ossec-remoted(1403): ERROR: Incorrectly formated message from 'xxx.xxx.xxx.98'.
2016/05/26 10:27:27 ossec-remoted(1403): ERROR: Incorrectly formated message from 'xxx.xxx.xxx.98'.
2016/05/26 10:27:33 ossec-remoted(1403): ERROR: Incorrectly formated message from 'xxx.xxx.xxx.98'.
2016/05/26 10:30:54 ossec-syscheckd: WARN: Error opening directory: '%WINDIR%/system32': No such file or directory
2016/05/26 10:30:54 ossec-syscheckd: WARN: Error opening directory: 'C:/Admin': No such file or directory
2016/05/26 10:30:54 ossec-syscheckd: INFO: Real time file monitoring started.
2016/05/26 10:30:54 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed).
2016/05/26 10:31:06 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database).
2016/05/26 10:31:26 ossec-rootcheck: INFO: Starting rootcheck scan.
2016/05/26 10:31:26 ossec-rootcheck: DEBUG: Starting on check_rc_files
2016/05/26 10:31:26 ossec-rootcheck: DEBUG: Starting on check_rc_trojans
2016/05/26 10:31:29 ossec-rootcheck: DEBUG: Going into check_rc_dev
2016/05/26 10:31:29 ossec-rootcheck: DEBUG: Starting on check_rc_dev
2016/05/26 10:31:29 ossec-rootcheck: DEBUG: Going into check_rc_sys
2016/05/26 10:31:29 ossec-rootcheck: DEBUG: Starting on check_rc_sys
2016/05/26 10:31:29 ossec-rootcheck: DEBUG: Going into check_rc_pids
2016/05/26 10:43:24 ossec-remoted(1213): WARN: Message from xxx.xxx.xxx.17 not allowed.
2016/05/26 10:43:30 ossec-remoted(1213): WARN: Message from xxx.xxx.xxx.17 not allowed.
2016/05/26 10:43:34 ossec-remoted(1213): WARN: Message from xxx.xxx.xxx.17 not allowed.
2016/05/26 10:43:39 ossec-remoted(1213): WARN: Message from xxx.xxx.xxx.17 not allowed.
2016/05/26 10:43:45 ossec-remoted(1213): WARN: Message from xxx.xxx.xxx.17 not allowed.
2016/05/26 10:44:49 ossec-rootcheck: DEBUG: Going into check_rc_ports
2016/05/26 10:44:51 ossec-rootcheck: DEBUG: Going into check_open_ports
2016/05/26 10:44:51 ossec-rootcheck: DEBUG: Going into check_rc_if
2016/05/26 10:44:51 ossec-rootcheck: DEBUG: Completed with all checks.
2016/05/26 10:44:56 ossec-rootcheck: INFO: Ending rootcheck scan.
2016/05/26 10:44:56 ossec-rootcheck: DEBUG: Leaving run_rk_check
2016/05/26 10:49:56 ossec-syscheckd: INFO: Starting syscheck scan.
2016/05/26 10:58:15 ossec-syscheckd: WARN: Error opening directory: '%WINDIR%/system32': No such file or directory
2016/05/26 10:58:15 ossec-syscheckd: WARN: Error opening directory: 'C:/Admin': No such file or directory
2016/05/26 10:58:37 ossec-syscheckd: INFO: Ending syscheck scan.
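A log like the one above is easier to act on than to read, and four things in it need action: ossec-remoted 1213 "not allowed" entries (a source address that matches no registered agent key, so either an agent registered under a different IP or a host that is not an agent at all), ossec-remoted 1403 "Incorrectly formated message" entries (a known source whose message could not be decoded or verified, typically a key mismatch), syscheck and logcollector paths the manager cannot open (the drive-letter and %WINDIR% entries are agent-side paths that have ended up in the Linux manager's ossec.conf), and the ossec-dbd INSERT that the PostgreSQL primary key on (id, server_id) rejects, which means the id ossec-dbd is assigning already exists in the data table for server_id 1. The script below is an added example written for this page, not OSSEC code; it parses the line format visible above and reports those four groups. The Windows-path heuristic is this example's own, and SAMPLE_LOG is constructed from entries on this page with the long Windows event text inside the INSERT shortened.

```python
"""Triage an OSSEC manager's ossec.log and pull out the entries that need action."""
import re
from collections import Counter

# Line shape seen in ossec.log: "YYYY/MM/DD HH:MM:SS daemon[(code)]: [LEVEL:] message".
# The level is optional; some lines ("Connected to database ...",
# "Setting SCHED_BATCH returned: 0") carry none.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<daemon>[A-Za-z0-9_-]+)(?:\((?P<code>\d+)\))?: "
    r"(?:(?P<level>INFO|DEBUG|WARN|ERROR): )?(?P<msg>.*)$"
)
# ossec-remoted 1213: source address matches no registered agent key.
NOT_ALLOWED_RE = re.compile(r"Message from (?P<ip>\S+) not allowed")
# ossec-remoted 1403: message from a known source could not be decoded ("formated" is OSSEC's spelling).
MALFORMED_RE = re.compile(r"Incorrectly formated message from '(?P<ip>[^']+)'")
# syscheckd / logcollector: a configured path that does not exist on this host.
UNOPENABLE_RE = re.compile(r"(?:Error opening directory: |Unable to open file )'(?P<path>[^']+)'")
# ossec-dbd 5203: INSERT rejected by the PostgreSQL primary key on (id, server_id).
DUP_KEY_RE = re.compile(
    r'unique constraint "(?P<constraint>\w+)" DETAIL: '
    r"Key \(id, server_id\)=\((?P<id>\d+), (?P<server_id>\d+)\)"
)
# Heuristic (this example's own): a drive letter or %VAR% prefix marks a Windows path,
# which belongs in an agent's ossec.conf, never in the Linux manager's.
WIN_PATH_RE = re.compile(r"^(?:[A-Za-z]:[\\/]|%[A-Za-z_]+%)")


def parse_line(line):
    """Split one ossec.log line into its fields; None for text that is not a log line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines):
    """Summarise the actionable entries of an ossec.log (see the keys of the result)."""
    out = {
        "problems": Counter(),          # (daemon, level) -> count, WARN and ERROR only
        "unregistered_ips": Counter(),  # sources remoted rejected as "not allowed"
        "malformed_ips": Counter(),     # sources whose messages remoted could not decode
        "foreign_paths": set(),         # Windows-style paths the manager cannot open
        "other_paths": set(),           # any other path it cannot open
        "duplicate_keys": [],           # (constraint, id, server_id) from dbd failures
    }
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        msg = rec["msg"]
        if rec["level"] in ("WARN", "ERROR"):
            out["problems"][(rec["daemon"], rec["level"])] += 1
        if rec["daemon"] == "ossec-remoted":
            m = NOT_ALLOWED_RE.search(msg)
            if m:
                out["unregistered_ips"][m["ip"]] += 1
            m = MALFORMED_RE.search(msg)
            if m:
                out["malformed_ips"][m["ip"]] += 1
        m = UNOPENABLE_RE.search(msg)
        if m:
            bucket = "foreign_paths" if WIN_PATH_RE.match(m["path"]) else "other_paths"
            out[bucket].add(m["path"])
        m = DUP_KEY_RE.search(msg)
        if m:
            out["duplicate_keys"].append((m["constraint"], int(m["id"]), int(m["server_id"])))
    out["foreign_paths"] = sorted(out["foreign_paths"])
    out["other_paths"] = sorted(out["other_paths"])
    return out


def triage_text(text):
    """Convenience wrapper: triage a whole log file held as one string."""
    return triage(text.splitlines())


# Constructed sample: entries taken from the log on this page, verbatim except that the
# Windows event text inside the dbd INSERT is shortened.
SAMPLE_LOG = r"""
2016/05/26 10:21:33 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2016/05/26 10:21:34 ossec-logcollector(1103): ERROR: Unable to open file 'd:\wwwlogs\W3SVC1\u_ex160526.log'.
2016/05/26 10:21:34 ossec-logcollector(1103): ERROR: Unable to open file 'c:\inetpub\wwwroot'.
2016/05/26 10:21:36 ossec-dbd(5203): ERROR: Error executing query 'INSERT INTO data(id, server_id, "user", full_log) VALUES ('17596859', '1', 'svc.SP15_SearchT', '<event text shortened>') '. Error: 'ERROR: duplicate key value violates unique constraint "data_pkey" DETAIL: Key (id, server_id)=(17596859, 1) already exists. '.
2016/05/26 10:21:36 ossec-dbd: Connected to database 'ossecdb' at '127.0.0.1'.
2016/05/26 10:21:36 ossec-dbd(5204): ERROR: Database error. Unable to run query.
2016/05/26 10:21:45 ossec-syscheckd: Setting SCHED_BATCH returned: 0
2016/05/26 10:27:11 ossec-remoted(1403): ERROR: Incorrectly formated message from 'xxx.xxx.xxx.98'.
2016/05/26 10:27:18 ossec-remoted(1403): ERROR: Incorrectly formated message from 'xxx.xxx.xxx.98'.
2016/05/26 10:30:54 ossec-syscheckd: WARN: Error opening directory: '%WINDIR%/system32': No such file or directory
2016/05/26 10:30:54 ossec-syscheckd: WARN: Error opening directory: 'C:/Admin': No such file or directory
2016/05/26 10:43:24 ossec-remoted(1213): WARN: Message from xxx.xxx.xxx.17 not allowed.
2016/05/26 10:43:30 ossec-remoted(1213): WARN: Message from xxx.xxx.xxx.17 not allowed.
2016/05/26 10:43:34 ossec-remoted(1213): WARN: Message from xxx.xxx.xxx.17 not allowed.
"""

if __name__ == "__main__":
    for key, value in triage_text(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a real file with `triage(open("/var/ossec/logs/ossec.log"))`. The "unregistered_ips" bucket is the one to look at first: each address there is sending to the manager's agent port without a matching key, and that is either a registration mistake to fix with manage_agents or a host that should not be talking to the manager at all.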