Review the ossec.conf of the agent 1027. You should see a log for starting/ending rootcheck and syscheck.
I hope it helps. On Tuesday, June 6, 2017 at 9:17:11 PM UTC+2, John Kondur wrote: > > Thanks but unfortunately all it shows is the following: > > > OSSEC HIDS agent_control. Agent information: > Agent ID: 1027 > Agent Name: server1 > IP address: any/any > Status: Active > > Operating system: Linux 4.4. > Client version: OSSEC HIDS v2.8.3 / > 6322ee12ea9a05951f97923a8341a01a > Last keep alive: Tue Jun 6 19:10:59 2017 > > Syscheck last started at: Tue Jun 6 18:19:23 2017 > Rootcheck last started at: Tue Jun 6 18:41:54 2017 > > > It just shows last started, but never shows when it completes. > > > On Tuesday, June 6, 2017 at 4:42:52 AM UTC-4, Jesus Linares wrote: >> >> Hi John, >> >> I think it should appear in */var/ossec/bin/agent_control -i 1027. *Also, >> you can review the ossec.conf of your agent. >> >> Regards. >> >> On Monday, June 5, 2017 at 6:24:14 PM UTC+2, John Kondur wrote: >>> >>> I just started to use ossec, and was doing some testing by making some >>> changes in a file in a directory, and then I run from the server: >>> >>> >>> /var/ossec/bin/agent_control -r -a >>> >>> >>> if I do a query on the agent: >>> >>> >>> >>> /var/ossec/bin/agent_control -i 1027 >>> >>> >>> >>> It will show last time it started but never shows when it completes? Is >>> there a process or way to check to see if it completed or am I not waiting >>> long enough? So far I am not seeing ossec pick up that the file changes. >>> >>> Thanks >>> >> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.