[ossec-list] RE : [ossec-list] Re: No alerts with Syscheck ?

Thu, 21 Dec 2006 13:33:36 -0800 


Hello Daniel,
Hello everybody,

Much sorry for delay too, but I've been very busy these last weeks. And
thank you for your reply.

So, to answer your questions:

        - OSSEC version is currently. I'm going to upgrade to 0.9-3 today.
        - OS machines on which OSSEC is installed: AIX 5.2, Linux Red Hat
Enterprise 3, Linux RHE 4
        - directory "/var/ossec/queue/syscheck/" on server is empty !

On one OSSEC Agent, I put during one month following parameters:

        - syscheck.debug=2
        - agent.debug=1

And there is absolutly nothing in logs regarding syscheck or agent
failures...??

Well, I'm going to upgrade all agents and server, and keep you posted.
Meanwhile, if someone had an idea, that would be cool !!

Other thing that can help: there are 14 agents installed, and none of these
14 agents report something on syscheck. So, 2 solutions:

        - either problem come from OSSEC Server
        - or problem come from OSSEC Agents, because I repeat same error on
the 14 installations. But which error then ?

Thanks very much.

Fred


-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] On
Behalf Of Daniel Cid
Sent: Friday, November 10, 2006 3:01 AM
To: [email protected]
Cc: [EMAIL PROTECTED]
Subject: [ossec-list] Re: No alerts with Syscheck ?


Hi Fred,

Sorry by the delay replying to you. Are these agents on Windows or Linux? If
you
look at the server, these should be one file for each agent at the
/var/ossec/queue/syscheck/ directory. Do you see anything in there?
Btw,
we fixed many bugs on the latest version, so upgrading to 0.9-3 may help.

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 11/3/06, Fred <[EMAIL PROTECTED]> wrote:



Hi everybody,

I have 14 OSSEC Agents, version 0.9.2. On each of them Syscheck is

"heavily"

configured (checking "all" on many directories). But no alerts yet, after
several weeks.

So, I would like to know how to check what's wrong:

    - I put sysckeck debugging to 1 for some agents
    - where should be stored checksum database (agent, server, which file)

?

If database doesn't exist, what could be the problem ?
    - .....?

In Agents and Server logs, I don't have any errors, and other alerts are

ok.


Thanks very much.

Fred

Reply via email to