Giorgio Biondi
2018-11-12 22:25:48 UTC
Hi at all,
I tried to follow the documentation for active AR on Windows ..
I think it does not work .. Has anyone had positive results?
I have follow
this: https://ossec-docs.readthedocs.io/en/latest/manual/ar/ar-windows.html
In the log os my Windows machine have this:
2018/11/12 23:03:41 ossec-execd: INFO: Active response command not present:
'active-response/bin/restart-ossec.sh'. Not using it on this system.
2018/11/12 23:03:41 ossec-execd: INFO: Active response command not present:
'active-response/bin/host-deny.sh'. Not using it on this system.
2018/11/12 23:03:41 ossec-execd: INFO: Active response command not present:
'active-response/bin/firewall-drop.sh'. Not using it on this system.
2018/11/12 23:03:59 ossec-syscheckd: INFO: Starting syscheck scan
(forwarding database).
2018/11/12 23:03:59 ossec-syscheckd: INFO: Starting syscheck database
(pre-scan).
2018/11/12 23:04:03 ossec-syscheckd: INFO: Finished creating syscheck
database (pre-scan completed).
2018/11/12 23:04:13 ossec-syscheckd: INFO: Ending syscheck scan (forwarding
database).
2018/11/12 23:04:33 rootcheck: INFO: Starting rootcheck scan.
2018/11/12 23:04:33 INFO: Attempted to check FS status for 'C:\WINDOWS',
but we don't know how on this OS.
2018/11/12 23:04:33 INFO: Attempted to check FS status for 'C:\Program
Files', but we don't know how on this OS.
2018/11/12 23:04:38 rootcheck: INFO: Ending rootcheck scan.
2018/11/12 23:05:45 ossec-execd(1311): ERROR: Invalid command name
'route-null' provided.
2018/11/12 23:07:21 ossec-logcollector(1904): INFO: File not available,
ignoring it: 'C:\Windows\pfirewall.log'.
2018/11/12 23:07:29 ossec-execd(1311): ERROR: Invalid command name
'win_nullroute' provided.
I tried to follow the documentation for active AR on Windows ..
I think it does not work .. Has anyone had positive results?
I have follow
this: https://ossec-docs.readthedocs.io/en/latest/manual/ar/ar-windows.html
In the log os my Windows machine have this:
2018/11/12 23:03:41 ossec-execd: INFO: Active response command not present:
'active-response/bin/restart-ossec.sh'. Not using it on this system.
2018/11/12 23:03:41 ossec-execd: INFO: Active response command not present:
'active-response/bin/host-deny.sh'. Not using it on this system.
2018/11/12 23:03:41 ossec-execd: INFO: Active response command not present:
'active-response/bin/firewall-drop.sh'. Not using it on this system.
2018/11/12 23:03:59 ossec-syscheckd: INFO: Starting syscheck scan
(forwarding database).
2018/11/12 23:03:59 ossec-syscheckd: INFO: Starting syscheck database
(pre-scan).
2018/11/12 23:04:03 ossec-syscheckd: INFO: Finished creating syscheck
database (pre-scan completed).
2018/11/12 23:04:13 ossec-syscheckd: INFO: Ending syscheck scan (forwarding
database).
2018/11/12 23:04:33 rootcheck: INFO: Starting rootcheck scan.
2018/11/12 23:04:33 INFO: Attempted to check FS status for 'C:\WINDOWS',
but we don't know how on this OS.
2018/11/12 23:04:33 INFO: Attempted to check FS status for 'C:\Program
Files', but we don't know how on this OS.
2018/11/12 23:04:38 rootcheck: INFO: Ending rootcheck scan.
2018/11/12 23:05:45 ossec-execd(1311): ERROR: Invalid command name
'route-null' provided.
2018/11/12 23:07:21 ossec-logcollector(1904): INFO: File not available,
ignoring it: 'C:\Windows\pfirewall.log'.
2018/11/12 23:07:29 ossec-execd(1311): ERROR: Invalid command name
'win_nullroute' provided.
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.