Hi,
if it is a linux agent, the restart-ossec.cmd will not work. You must use
restart-ossec.sh.
Check out the documentation:
- http://ossec-docs.readthedocs.io/en/latest/manual/ar/index.html
-
http://ossec-docs.readthedocs.io/en/latest/syntax/head_ossec_config.active-response.html
I also see the above on a Linux box (Ubuntu 14).
On Tuesday, April 21, 2015 at 10:07:28 AM UTC-4, Bob Jolliffe wrote:
>
> I am seeing the following in my ossec.log on a linux agent:
>
> ossec-execd: INFO: Active response command not present:
> '/var/ossec/active-response/bin/restart-ossec.cmd'.