On Wed, 19 Sep 2007 15:19:51 -0400, Sébastien Houle
[EMAIL PROTECTED] wrote:
i have a problem with web interface...
i have installed with ./setup.sh
when i want access the page http://localhost/ossec [1]
i have this message No agent available
what can i do now ???
but i
Hello,
we are contemplaing about using OSSEC and would like to know:
What happend if the OSSec server is down, are the clients able
to continue to check the integrity of the client/agent?
Thank's a lot for any feedback!
John
Sounds like you don't have the proper permissions. I would double check those.
On 9/19/07, Sébastien Houle [EMAIL PROTECTED] wrote:
i have a problem with web interface...
i have installed with ./setup.sh
when i want access the page http://localhost/ossec
i have this message No
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John,
My understanding and experience of the architecture is that the
server does all the checking and alerting. The clients pass along
to the server what might be interesting information: log entries
and file metadata. The server decides
Hi Tim,
They will continue forever :) Basically, we don't queue the logs in
memory, but we just
store the location (pointer) of the last log that was read (and for
integrity checking, the last file checked). When the server is back,
we continue where we left...
Thanks,
--
Daniel B. Cid
dcid (
Hi Dan,
The rotation of the OSSEC logs happen at the end of each day (as soon as the day
changes). It will generate the checksum of the log and gzip it
(alerts.log is just a link to the current day log at
/var/ossec/logs/alerts/Year/Month/day ).
Your tool just needs to check when the inode of
Hi,
It is currently not the possible. The design we chose is that every
e-mail alert will
go to the main address specified in the global section (the alerts
that should be e-mailed are set in the email_alert_level option or
within a specific rule).
From within these e-mails is that we filter