Search found 3 matches
- Thu Jul 08, 2021 1:05 am
- Forum: OSSEC
- Topic: How to configure ossec.conf in windows agent for directory/file monitoring
- Replies: 5
- Views: 15401
Re: How to configure ossec.conf in windows agent for directory/file monitoring
Hi Mikeshinn, For testing the agent in the windows machine, I tried to change the content of the file(which is added for the monitoring) by writing into it or deleting some content from it. It is working fine in the Linux-based machine. Mikeshinn, It is very helpful, if you can tell us, is this(file...
- Wed Jul 07, 2021 5:09 am
- Forum: OSSEC
- Topic: How to configure ossec.conf in windows agent for directory/file monitoring
- Replies: 5
- Views: 15401
Re: How to configure ossec.conf in windows agent for directory/file monitoring
Hi, Cponton, I tried the suggested syntax still, not working. It not even showing the changes for the default directory, not sure but It only shows the changes for the REGISTRY like below only. +HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient +HKEY_LOCAL_MACHINE\...
- Mon Jul 05, 2021 7:40 am
- Forum: OSSEC
- Topic: How to configure ossec.conf in windows agent for directory/file monitoring
- Replies: 5
- Views: 15401
How to configure ossec.conf in windows agent for directory/file monitoring
Can anyone help me with how to configure ossec.conf in windows agent so that we can add a file or directory to be monitor. for e.g: I want to monitor all the changes in the E drive. i tried this,using this syntax <directories check_all="yes">E:\.</directories> but no-luck. Thanks much.