[ossec-list] Re: Fail to config ossec agent on Windows 8

Discussion:

Stefan Amyotte

2015-02-04 12:47:50 UTC

Encountered the same issue.

Has anyone tried manually editing the configuration file to see if that
works?

I have the same problem in Windows 8.
I thought as I did the test on only one machine, I thought it was unique
problem
Em quinta-feira, 11 de setembro de 2014 06h05min30s UTC-3, Diego Arranz

Hi,
"Unable to set permissions on new configuration file" and "Unable to set
permissions on auth key file".
When i install ossec-agent-win32-2.8.exe "install as administrator" and
when i run win32ui.exe say "run as administrator".
can someone help me??
thanks
--
Diego Arranz Prada

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

SoulAuctioneer

2015-02-05 00:16:15 UTC

Permalink

This may be fixed in the upcoming release of OSSEC. Are any of you running
a different language other than English as the primary language for
Windows? Can you post the log entries (if any) that are in the ossec.log
file after this happens?

Would any of you be able to try the latest 2.9 beta? I believe you can get
it here:

https://github.com/ossec/ossec-hids/releases/tag/2.9.0-beta02

g***@castraconsulting.com

2015-02-05 14:17:01 UTC

Permalink

I have only tested one laptop, using English, installed as Administrator,
and it works

That said, I cannot read the logs or access various files even though I am
administrator, I have to launch the GUI first.

I make all my changes on the OSSEC server and the Agent picks up the config
from there

Hope this helps

Post by SoulAuctioneer
This may be fixed in the upcoming release of OSSEC. Are any of you running
a different language other than English as the primary language for
Windows? Can you post the log entries (if any) that are in the ossec.log
file after this happens?
Would any of you be able to try the latest 2.9 beta? I believe you can get
https://github.com/ossec/ossec-hids/releases/tag/2.9.0-beta02

SoulAuctioneer

2015-02-05 15:35:48 UTC

Permalink

Not being able to read the logs or the files in the OSSEC directory on
Windows is normal. Even though you are an admin you still need to accept
UAC or whatever to escalate to a high enough privilege level to read those
files. The GUI does this for you when you open it which is why things work
from there.

Rodrigo Montoro(Sp0oKeR)

2015-02-09 00:24:02 UTC

Permalink

Hey guys,

I had some problems with agent in a pt_BR win7 desktop. I didn't test this
beta agent so far but I will try this week.

Since it's only a problem at UI, what we configured client.keys and add
ossec entry manually and use OsssecSvc service. Worked pretty fine.

I blogged here in pt_BR about this problem
http://spookerlabs.blogspot.com.br/2015/02/problemas-com-ossec-windows-agent-em.html

Thanks

Post by SoulAuctioneer
Not being able to read the logs or the files in the OSSEC directory on
Windows is normal. Even though you are an admin you still need to accept
UAC or whatever to escalate to a high enough privilege level to read those
files. The GUI does this for you when you open it which is why things work
from there.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an
For more options, visit https://groups.google.com/d/optout.

--
Rodrigo Montoro (Sp0oKeR)
http://spookerlabs.blogspot.com
http://www.twitter.com/spookerlabs
http://www.linkedin.com/in/spooker

SoulAuctioneer

2015-02-10 00:22:50 UTC

Permalink

Great blog post. Just saw it the other day from twitter I think. Let me
know how your testing goes. Best way we can get things like this fixed is
to have good testing.

SoulAuctioneer

2015-02-22 01:52:11 UTC

Permalink

Were you able to test the latest beta version with another language yet?
Would love to get this bug tested/fixed before OSSEC 2.9 is released.

Rodrigo Montoro(Sp0oKeR)

2015-02-23 11:27:44 UTC

Permalink

Hi there,

It was a friend that was going to test, since last week was Carnaval down
here so I don't expect that something happened =)

I'll ping him today and let you know.

Thanks

Post by SoulAuctioneer
Were you able to test the latest beta version with another language yet?
Would love to get this bug tested/fixed before OSSEC 2.9 is released.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an
For more options, visit https://groups.google.com/d/optout.

--
Rodrigo Montoro (Sp0oKeR)
http://spookerlabs.blogspot.com
http://www.twitter.com/spookerlabs
http://www.linkedin.com/in/spooker