I uninstalled, deleted the entire ossec install folder, rebooted & then reinstalled.
The bookmark error only occurs after I drop the eventchannel line into the config. Here is what the install folder looks like: http://screencast.com/t/5I8UxnusQ44V Here is a view of the error from procmon: http://screencast.com/t/D4fGNnfWwhY I manually created the tmp folder, and that took care of one of the procmon errors (Path Not Found), now I just get a Name Not Found, when it can't find the file in tmp. Thoughts? -Josh On Friday, October 9, 2015 at 3:16:39 PM UTC-4, SoulAuctioneer wrote: > > Yeah, there was this: > > > https://github.com/awiddersheim/ossec-hids/commit/262630f63674c8e0e5928bf8a002d0a31114e2d6 > > Not sure that is the problem. Could be a number of things potentially. Is > there a tmp directory in the OSSEC directory? Maybe something stupid with > permissions? Might be worth using some of the pstools (ProcMon, ProcExp) to > see where OSSEC is trying to make those files and see what it might be > dying on. Those bookmarks are used to keep track of where OSSEC was last > reading from the eventlog so that when you stop/start the service it can > pick up where it left off. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
