Thanks; I will look into that and see what the logs show.
On Tuesday, March 7, 2017 at 4:30:09 AM UTC-6, InfoSec wrote:
>
> To gain visibility into what is going on at the agent side, turn on debug
> mode on the agent.
>
> In C:\Program Files (x86)\ossec-agent\internal_options.conf change:
>
> # Windows debug (used by the windows agent)
> windows.debug=0
> to
> # Windows debug (used by the windows agent)
> windows.debug=2
>
> and restart the agent. It will log all events it picks up in the agent log
> file: C:\Program Files (x86)\ossec-agent\ossec.log (Don't do it on a busy
> production system!)
>
> By examining events in ossec.log, you will know what the agent is picking
> up, and should be able to determine whether you are faced with an agent
> issue, or a server issue.
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
