Re: [ossec-list] Questions about how OSSEC works. Q1 is the time displayed by syscheck_control, Q2 is OSSEC able to detect change using cp -p option?

2012-07-17 Thread Marcos Tang
Hi Dan, Thanks. Regards, Marcos On Tue, Jul 10, 2012 at 10:12 PM, dan (ddp) ddp...@gmail.com wrote: On Sat, Jun 30, 2012 at 2:02 PM, Marcos Tang marcostang2...@yahoo.com wrote: Hi, I have 2 questions about OSSEC and I want to know your answer. Today, the syscheck_control -i 125 -f

[ossec-list] Questions about how OSSEC works. Q1 is the time displayed by syscheck_control, Q2 is OSSEC able to detect change using cp -p option?

2012-06-30 Thread Marcos Tang
Hi, I have 2 questions about OSSEC and I want to know your answer. Today, the syscheck_control -i 125 -f /usr/local/bin/test1 shows the following results (See background information section below). My understanding of the syscheck_control output is (a) this file is initially added to the

[ossec-list] Can anyone explain the syntax of the file /opt/ossec/queue/syscheck?

2012-02-29 Thread Marcos Tang
Hi, I find my OSSEC server keeps reporting that a file is changed. I checked that file's checksum and timestamp and nothing has changed, as far as I can tell. When I try to see what is going on inside the file /opt/ossec/queue/syscheck/(ossec_client) 172.30.XX.XXX - syscheck, I find there are 2

Re: [ossec-list] Can anyone explain the syntax of the file /opt/ossec/queue/syscheck?

2012-02-29 Thread Marcos Tang
From: dan (ddp) ddp...@gmail.com To: ossec-list@googlegroups.com Sent: Wednesday, February 29, 2012 7:03 PM Subject: Re: [ossec-list] Can anyone explain the syntax of the file /opt/ossec/queue/syscheck? On Wed, Feb 29, 2012 at 12:55 AM, Marcos Tang marcos.t...@gmail.com wrote: Hi, I find my

Re: [ossec-list] Question about OSSEC server which reports files are changed, but the file seems unchanged

2012-02-03 Thread Marcos Tang
Hi Dan, Refer to my previous email, I have the following findings. * Output from the OSSEC server * [root@myserver ~]# /opt/ossec/bin/syscheck_control -i 049 -f /opt/syslog-ng/conf/syslog-ng.conf Integrity changes for agent 'myagent (049)

[ossec-list] Question about OSSEC server which reports files are changed, but the file seems unchanged

2012-02-01 Thread Marcos Tang
Hi OSSEC users and Dan High-level background of my current setup: - Several OSSEC servers are running on Solaris - OSSEC agents are running on Solaris and reporting to the above OSSEC servers - Running /opt/ossec/bin/agent_control -lc shows the agents are connecting to the server - File

[ossec-list] Timestamp of the integrity checksum files will be updated according to frequency parameter inside the agent.conf file?

2011-11-29 Thread Marcos Tang
Hi, I have a question about the behavior of the frequency parameter inside the agent.conf file. Right now, the OSSEC agent has the agent.conf file with <frequency>86400</frequency> setup, or it will scan the files every 20 hours. One observation from the OSSEC server is the timestamp of the

[ossec-list] ossec-remoted can't be started on OSSEC server when the number of OSSEC agents larger than the default value

2010-12-14 Thread Marcos Tang
Hi, I am deploying OSSEC to my working environment and I am having an issue adding more OSSEC agents than the default supported number. I followed this URL (http://www.ossec.net/doc/faq/unexpected.html?highlight=maximum#errors-when-dealing-with-multiple-agents) and I re-compiled the OSSEC server