Daniel:

/var was changed to /opt in the /var/www/htdocs/ossec/ossec_conf.php file and the "www" user was added to the /etc/group file under "ossec".

Both Apache 1.3.29 (distro from OpenBSD) and LigHTTPD have been installed and can successfully connect to the web interface, but neither can access alerts or any other data except the local ossec-server agent.

Still no joy.

--
Ed Vazquez
May the bugs of many programs nest on your hard drive.
29 May 2007 14:45:20

> -----Original Message-----
> From: Daniel Cid [mailto:[EMAIL PROTECTED]
> Sent: Sunday, May 27, 2007 13:42
> To: [email protected]
> Cc: Vazquez, Ed
> Subject: Re: [ossec-list] OSSEC-WUI question
>
> Hi Ed,
>
> Can you try restarting apache? It will only use the new
> permissions/users after you restart it. In addition to that,
> make sure to change the ossec path inside the ui configuration
> file from /var/ossec/ to /opt/ossec.
>
> Hope it helps.
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
> On 5/24/07, Vazquez, Ed <[EMAIL PROTECTED]> wrote:
> > The primary goal of implementing OSSEC where I work is to centralize
> > logging, alerts, etc. (no surprise there).
> >
> > The WebUI is a great addition to the package as it lets me give the
> > group responsible for care and feeding of the various systems and
> > devices some visibility into what is being reported.
> >
> > Since 90% of this data is sent via Syslog and captured/sorted by
> > syslog-ng, I am using the log analysis engine to suck in the data and
> > generate alerts, etc.
> >
> > While I get valid data in '/opt/ossec/logs/alerts/alerts.log', the
> > WebUI continues to deny the existence of anything except the local
> > server agent and even for that claims that no alert data is available.
> >
> > I know I'm new to the OSSEC world, so I'm pretty sure I missed
> > something or broke something in my setup.
> >
> > The exact error is:
> >
> > Available agents:
> > +ossec-server (127.0.0.1)
> > -ossec-server (127.0.0.1)
> > Name: ossec-server
> > IP: 127.0.0.1
> > Last keep alive: 2007 May 24 10:51:21
> > OS:
> >
> > Latest modified files:
> >
> > No integrity checking information available.
> > Nothing reported as changed.
> >
> > Unable to retrieve alerts.
> >
> > I did add the "www" user to the /etc/groups "ossec" entry and ensured
> > that the local "tmp" file has 777 permissions. I also made sure to
> > change the ossec_conf.php file to point to '/opt/ossec' instead of
> > '/var/ossec'.
> >
> > Help again?
> >
> > --
> > Ed Vazquez
> >
> > There are never any bugs you haven't found yet.
> > 24 May 2007 10:41:58
