Hi I am struggle with same error "ossec-execd(1312): ERROR: Error executing '/var/ossec/active-response/bin/restart-agent.cmd': Exec format error"
I configured same as what they give https://ossec-docs.readthedocs.io/en/latest/manual/ar/ar-windows.html but it not work. Please give me a solutions for that error. <!---What i given in Ossec.conf---!> <command> <name>restart-agent</name> <executable>restart-ossec.cmd</executable> <expect>srcip</expect> <timeout_allowed>yes</timeout_allowed></command> <active-response> <command>restart-agent</command> <location>local</location> <level>6</level> <timeout>600</timeout></active-response> <!--- What i given in Agent Ossec.conf---!> <active-response> <disabled>no</disabled></active-response> Script of restart-ossec.cmd :: Simple script to restart ossec agent. @ECHO OFF ECHO. :: Logging it all FOR /F "TOKENS=1* DELIMS= " %%A IN ('DATE/T') DO SET DATE=%%B FOR /F "TOKENS=1* DELIMS= " %%A IN ('TIME/T') DO SET TIME=%%A ECHO %DATE% %TIME% %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 >> active-response/active-responses.log IF "%1"=="add" GOTO ADD IF "%1"=="delete" GOTO DEL :ERROR ECHO "Invalid argument. %1" GOTO Exit; :ADD net stop OssecSvc net start OssecSvc GOTO Exit; :DEL :Exit Give me solution to fix ossec-execd(1312): ERROR: Error executing '/var/ossec/active-response/bin/restart-agent.cmd': Exec format error. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
