Hi Chris, I sent another message with the file attached, thank you for your quick response. I double checked my file and there are no new line chars, each element does have it's own line. Can you think of any other reason why it still fails verify-agent-conf?
Please look at the attachment on the other e-mail if needed. Thanks! Glenn On Jul 11, 10:13 am, Christopher Moraes <cmoraes....@gmail.com> wrote: > I passed this through verify-agent-conf and got no errors. The only change > I made was to remove new line chars, so that each XML element is on a single > line.... > > read more » > > > > On Mon, Jul 11, 2011 at 11:18 AM, brighamr <glennbrobe...@gmail.com> wrote: > > I got the agents working on my win2008r2 servers using a very basic > > agent.conf. After that worked I created a much more specific > > agent.conf and am getting an error from verify-agent-conf which states > > "XML error, element not closed directories line 284". I have passed my > > file by several engineers and none of us can find any element which is > > not closed. Can you see any problems with this agent.conf which would > > cause this error? > > > <agent_config name="agent1|agent2"> > > <syscheck> > > <frequency>3600</frequency> > > <disabled>no</disabled> > > <directories check_all="yes">D:\examplecustomdir</directories> > > > <!-- Default files to be monitored - system32 only. --> > > <directories check_all="yes">%WINDIR%/win.ini</directories> > > <directories check_all="yes">%WINDIR%/system.ini</directories> > > <directories check_all="yes">C:\autoexec.bat</directories> > > <directories check_all="yes">C:\config.sys</directories> > > <directories check_all="yes">C:\boot.ini</directories> > > <directories check_all="yes">%WINDIR%/System32/CONFIG.NT</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/AUTOEXEC.NT</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/at.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/attrib.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/cacls.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/debug.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/drwatson.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/drwtsn32.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/edlin.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/eventcreate.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/eventtriggers.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/ftp.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/net.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/net1.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/netsh.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/rcp.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/reg.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/regedit.exe</directories> > > <directories check_all="yes">%WINDIR%/System32/regedt32.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/regsvr32.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/rexec.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/rsh.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/runas.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/sc.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/subst.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/telnet.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/tftp.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/tlntsvr.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/drivers/etc</ > > directories> > > <directories check_all="yes">C:\Documents and Settings/All Users/ > > Start Menu/Programs/Startup</directories> > > <ignore type="sregex">.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$</ > > ignore> > > > <!-- Windows registry entries to monitor. --> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\batfile</ > > windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\cmdfile</ > > windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\comfile</ > > windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\exefile</ > > windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\piffile</ > > windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes > > \AllFilesystemObjects</windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\Directory</ > > windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\Folder</ > > windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\Protocols</ > > windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Policies</ > > windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Security</windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Internet > > Explorer</windows_registry> > > > <windows_registry>HKEY_LOCAL_MACHINE\System\CurrentControlSet > > \Services</windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\System\CurrentControlSet > > \Control\Session Manager\KnownDLLs</windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\System\CurrentControlSet > > \Control\SecurePipeServers\winreg</windows_registry> > > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows > > \CurrentVersion\Run</windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows > > \CurrentVersion\RunOnce</windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows > > \CurrentVersion\RunOnceEx</windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows > > \CurrentVersion\URL</windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows > > \CurrentVersion\Policies</windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT > > \CurrentVersion\Windows</windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT > > \CurrentVersion\Winlogon</windows_registry> > > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Active > > Setup\Installed Components</windows_registry> > > > <!-- Windows registry entries to ignore. --> > > <registry_ignore>HKEY_LOCAL_MACHINE\Security\Policy\Secrets</ > > registry_ignore> > > <registry_ignore>HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account > > \Users</registry_ignore> > > <registry_ignore type="sregex">\Enum$</registry_ignore> > > > <windows_registry>HKEY_LOCAL_MACHINE\System\CurrentControlSet > > \Control\Lsa\crashonauditfail*</windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet > > \Control\Terminal Server\fDenyTSConnections*</windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT > > \CurrentVersion\Winlogon\AutoAdminLogon*</windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows > > \CurrentVersion\Policies\System\ConsentPromptBehaviorUser*</ > > windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows > > \CurrentVersion\Policies\System\EnableUIADesktopToggle*</ > > windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\SOFTWARE*</windows_registry> > > <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT > > \CurrentVersion\Winlogon\AutoAdminLogon*</windows_registry> > > <alert_new_files>yes</alert_new_files> > > </syscheck> > > </agent_config> > > > <agent_config name="agent3|agent4"> > > <syscheck> > > <frequency>3600</frequency> > > <disabled>no</disabled> > > <directories check_all="yes">D:\customexampledir</directories> > > > <!-- Default files to be monitored - system32 only. --> > > <directories check_all="yes">%WINDIR%/win.ini</directories> > > <directories check_all="yes">%WINDIR%/system.ini</directories> > > <directories check_all="yes">C:\autoexec.bat</directories> > > <directories check_all="yes">C:\config.sys</directories> > > <directories check_all="yes">C:\boot.ini</directories> > > <directories check_all="yes">%WINDIR%/System32/CONFIG.NT</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/AUTOEXEC.NT</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/at.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/attrib.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/cacls.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/debug.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/drwatson.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/drwtsn32.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/edlin.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/eventcreate.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/eventtriggers.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/ftp.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/net.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/net1.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/netsh.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/rcp.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/reg.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/regedit.exe</directories> > > <directories check_all="yes">%WINDIR%/System32/regedt32.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/regsvr32.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/rexec.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/rsh.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/runas.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/sc.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/subst.exe</ > > directories> > > <directories check_all="yes">%WINDIR%/System32/telnet.exe</- Hide quoted > > text - > > - Show quoted text -