Hi Daniel, /var/ossec/queue/syscheck/ contains a bunch of files with a naming scheme like:
(<host>) <ip>->syscheck .(<host>) <ip>->syscheck.cpt There is a couple for each agent, plus there's: syscheck .syscheck.cpt I have executed every single step from the OSSEC WUI install guide, the only thing about permissions was regarding the ossec-wui/tmp/ directory (chmod 770/chgrp www), there are no errors in the web server log, and I have just found out that Stats isn't working too, and ONLY real time search is working. So, very likely a permission problem :-) What OSSEC HIDS files / directories are required for the OSSEC-WUI Integrity Check, Stats and Search functionality? Thanks, E. 2007/5/22, Daniel Cid <[EMAIL PROTECTED]>: > > Hi Erik, > > We first need to determine where the problem is (agent/server connection > or at > the ui). > > -Did you follow all the steps from the installation guide? If the > permissions are > wrong, it will not work properly. In addition to that, did you add > your apache user > name to the ossec group and restarted apache? > > -Do you have any file at /var/ossec/queue/syscheck ? Can you show what is > in there to us? > > -Is there any errors at the apache error log? At the ossec log (both > server > and agent side)? > > > With that information we can start troubleshooting :) > > thanks, > > -- > Daniel B. Cid > dcid ( at ) ossec.net > > > > On 5/11/07, Erik Delfgaauw <[EMAIL PROTECTED]> wrote: > > Hi folks, > > > > The Main screen of the OSSEC WUI shows "ossec-server" plus 4 agents. The > > ossec-server is receiving information from the agents correctly, BUT: > > > > The Integrity checking screen shows: > > > > "No integrity checking information available. > > Nothing reported as changed." > > > > The Agent name pick list only contains "ossec-server" and clicking the > Dump > > database button doesn't have any result but a quick reload of the page. > > > > OSSEC ( 1.1) + WUI (0.2) are running on RHEL ES 4.4. Port 1514 is > reachable > > for the agents. > > > > Syscheckd is running on all agents. > > > > I'm very curious to what the problem can be, and especially to what > would be > > the best way to troubleshoot this. > > > > Many thanks in advance ! > > > > Erik > > > > >
