I startet /var/ossec/bin/syscheck_update -u local at 11 o'clock, but no alert till now (11:30) :-(
On 26 Feb., 16:56, "dan (ddp)" <[email protected]> wrote: > For a local installation you should be able to just use: > /var/ossec/bin/syscheck_update -u local > That should fire off a syscheck scan to update the db. Not sure why I > didn't think of that originally. > > As far as active response is concerned, I'm not sure why that isn't > working for you. > "agent_control -R <id>" doesn't seem to work for me, but > "agent_control -r -u 000" doesn't complain. > I'd consider removing ossec and re-installing to see if that helps > (I'm using the latest snapshot available at > ossec.net/files/snapshots/). > > On Thu, Feb 25, 2010 at 7:09 AM, Mike Sievers > > <[email protected]> wrote: > > Info: this is a local installation > > Agent ID: 000 (local instance)
