The primary goal of implementing OSSEC where I work is to centralize logging, alerts, etc. (no surprise there).
The WebUI is a great addition to the package as it lets me give the
group responsible for care and feeding of the various systems and
devices some visibility into what is being reported.
Since 90% of this data is sent via Syslog and captured /sorted by
syslog-ng, I am using the log analysis engine to suck in the data and
generate alerts, etc.
While I get valid data in '/opt/ossec/logs/alerts/alerts.log', the
WebUI continues to deny the existence of anything except the local
server agent and even for that claims that no alert data is available.
I know I'm new to the OSSEC world, so I'm pretty sure I missed
something or broke something in my setup.
The exact error is:
Available agents:
+ossec-server (127.0.0.1)
-ossec-server (127.0.0.1)
Name: ossec-server
IP: 127.0.0.1
Last keep alive: 2007 May 24 10:51:21
OS:
Latest modified files:
No integrity checking information available.
Nothing reported as changed.
Unable to retrieve alerts.
I did add the "www" user to the /etc/groups "ossec" entry and ensured
that the local "tmp" file has 777 permissions. I also made sure to
change the ossec_conf.php file to point to '/opt/ossec' instead of
'/var/ossec'.
Help again?
--
Ed Vazquez
There are never any bugs you haven't found yet.
24 May 2007 10:41:58