For a local installation you should be able to just use:

/var/ossec/bin/syscheck_update -u local

That should fire off a syscheck scan to update the db. Not sure why I didn't think of that originally.

As far as active response is concerned, I'm not sure why that isn't working for you. "agent_control -R <id>" doesn't seem to work for me, but "agent_control -r -u 000" doesn't complain. I'd consider removing ossec and re-installing to see if that helps (I'm using the latest snapshot available at ossec.net/files/snapshots/).

On Thu, Feb 25, 2010 at 7:09 AM, Mike Sievers <[email protected]> wrote:
> Info: this is a local installation
> Agent ID: 000 (local instance)
>
