You're right!
OSSEC supports *report_changes* only for Linux and Unix systems (http://ossec-docs.readthedocs.org/en/latest/manual/syscheck/). The reason why I didn't get alerts from further file changes was the default configuration from OSSEC, which ignores changes made more than 3 times.

On Sunday, November 1, 2015 at 20:42:37 UTC+1, dan (ddpbsd) wrote:
>
> On Nov 1, 2015 2:27 PM, "sfritzke" <[email protected]> wrote:
> >
> > Hi,
> >
> > I have configured my windows-agent to monitor changes for the abc directory in real time:
> >
> > <directories check_all="yes" report_changes="yes" realtime="yes">c:\abc</directories>
> >
> > When I change the file abc.txt in this directory, OSSEC generates an alert correctly, but also writes an error into ossec.log on the agent.
> >
> > 2015/11/01 18:50:57 ossec-agent(1107): ERROR: Unable to create directory: '/var/ossec/queue/diff/local/:\abc'
> > 2015/11/01 18:50:57 ossec-agent(1124): ERROR: Unable to rename file: 'c:\abc/abc.txt'.
> >
> > How can I solve this?
> >
> > Does the win agent support report changes?
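
The two settings discussed in this thread, as an added configuration example that is not part of the original messages. It assumes the `auto_ignore` syscheck option from the OSSEC syscheck documentation is what controls the "ignored after 3 changes" default; that option name does not appear in the thread.

```xml
<!-- Windows agent ossec.conf, as posted in the thread.
     report_changes is only supported on Linux/Unix, so on Windows it
     produces the 1107/1124 errors quoted above. -->
<ossec_config>
  <syscheck>
    <directories check_all="yes" report_changes="yes" realtime="yes">c:\abc</directories>
  </syscheck>
</ossec_config>

<!-- Windows agent ossec.conf, corrected: report_changes dropped,
     checksum monitoring and realtime kept. -->
<ossec_config>
  <syscheck>
    <directories check_all="yes" realtime="yes">c:\abc</directories>
  </syscheck>
</ossec_config>

<!-- Manager ossec.conf (assumption: auto_ignore is evaluated on the
     server/local side, not on the agent). With the default of "yes",
     a file that keeps changing stops generating alerts after the
     third change; "no" keeps alerting on every change. -->
<ossec_config>
  <syscheck>
    <auto_ignore>no</auto_ignore>
  </syscheck>
</ossec_config>
```

Disabling `auto_ignore` means frequently modified files alert on every change, so pair it with `<ignore>` entries for paths that are expected to churn.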
