Hi Dan,

It doesn't work on an OLD Windows 2003 server, but it works normally on a 2012
server. Tomorrow I'll run another test. I'll update you ASAP.

All the best

gb

On Tuesday, 13 November 2018 at 12:35:29 UTC+1, dan (ddpbsd) wrote:
>
> On Mon, Nov 12, 2018 at 5:25 PM Giorgio Biondi <biondi....@gmail.com> wrote:
> > 
> > Hi all,
> >
> > I tried to follow the documentation for active AR on Windows.
> > I think it does not work. Has anyone had positive results?
> > 
>
> I haven't tried it, but your configuration is missing. Can you provide it? 
>
> > I have followed this: https://ossec-docs.readthedocs.io/en/latest/manual/ar/ar-windows.html
> > 
> > In the log of my Windows machine I have this:
> > 
> > 2018/11/12 23:03:41 ossec-execd: INFO: Active response command not present: 'active-response/bin/restart-ossec.sh'. Not using it on this system.
> >
> > 2018/11/12 23:03:41 ossec-execd: INFO: Active response command not present: 'active-response/bin/host-deny.sh'. Not using it on this system.
> >
> > 2018/11/12 23:03:41 ossec-execd: INFO: Active response command not present: 'active-response/bin/firewall-drop.sh'. Not using it on this system.
> >
> > 2018/11/12 23:03:59 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
> >
> > 2018/11/12 23:03:59 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
> >
> > 2018/11/12 23:04:03 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed).
> >
> > 2018/11/12 23:04:13 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database).
> >
> > 2018/11/12 23:04:33 rootcheck: INFO: Starting rootcheck scan.
> >
> > 2018/11/12 23:04:33 INFO: Attempted to check FS status for 'C:\WINDOWS', but we don't know how on this OS.
> >
> > 2018/11/12 23:04:33 INFO: Attempted to check FS status for 'C:\Program Files', but we don't know how on this OS.
> >
> > 2018/11/12 23:04:38 rootcheck: INFO: Ending rootcheck scan.
> >
> > 2018/11/12 23:05:45 ossec-execd(1311): ERROR: Invalid command name 'route-null' provided.
> >
> > 2018/11/12 23:07:21 ossec-logcollector(1904): INFO: File not available, ignoring it: 'C:\Windows\pfirewall.log'.
> >
> > 2018/11/12 23:07:29 ossec-execd(1311): ERROR: Invalid command name 'win_nullroute' provided.
> > 
> > 
> > -- 
> > 
> > --- 
> > You received this message because you are subscribed to the Google 
> Groups "ossec-list" group. 
> > To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout. 
>
