Hi Ed,

Can you try restarting apache? It will only use the new permissions/users after you restart it. In addition to that, make sure to change the ossec path inside the ui configuration file from /var/ossec/ to /opt/ossec.
Hope it helps.

--
Daniel B. Cid
dcid ( at ) ossec.net

On 5/24/07, Vazquez, Ed <[EMAIL PROTECTED]> wrote:
> The primary goal of implementing OSSEC where I work is to centralize
> logging, alerts, etc. (no surprise there).
>
> The WebUI is a great addition to the package as it lets me give the
> group responsible for care and feeding of the various systems and
> devices some visibility into what is being reported.
>
> Since 90% of this data is sent via Syslog and captured/sorted by
> syslog-ng, I am using the log analysis engine to suck in the data and
> generate alerts, etc.
>
> While I get valid data in '/opt/ossec/logs/alerts/alerts.log', the
> WebUI continues to deny the existence of anything except the local
> server agent and even for that claims that no alert data is available.
>
> I know I'm new to the OSSEC world, so I'm pretty sure I missed
> something or broke something in my setup.
>
> The exact error is:
>
> Available agents:
> +ossec-server (127.0.0.1)
> -ossec-server (127.0.0.1)
> Name: ossec-server
> IP: 127.0.0.1
> Last keep alive: 2007 May 24 10:51:21
> OS:
>
> Latest modified files:
>
> No integrity checking information available.
> Nothing reported as changed.
>
> Unable to retrieve alerts.
>
> I did add the "www" user to the /etc/groups "ossec" entry and ensured
> that the local "tmp" file has 777 permissions. I also made sure to
> change the ossec_conf.php file to point to '/opt/ossec' instead of
> '/var/ossec'.
>
> Help again?
>
> --
> Ed Vazquez
>
> There are never any bugs you haven't found yet.
> 24 May 2007 10:41:58
