Hi guys,

I have some problems with ossec syscheck, as it seems it does not catch all the events that happen in a directory configured to be monitored in real-time. To find out what is going wrong I was watching the logs and found the errors below, for which I could not find a relevant discussion/solution with Google.
Can you please help?

2010/05/17 12:29:35 ossec-logcollector: INFO: Started (pid: 11462).
2010/05/17 12:30:06 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
2010/05/17 12:31:40 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed).
2010/05/17 12:33:40 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2010/05/17 12:34:12 ossec-analysisd(1755): ERROR: Invalid syscheck message received.
2010/05/17 12:34:16 ossec-analysisd(1755): ERROR: Invalid syscheck message received.
2010/05/17 12:34:16 ossec-analysisd(1755): ERROR: Invalid syscheck message received.
2010/05/17 12:38:28 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database).
2010/05/17 12:38:48 ossec-rootcheck: INFO: Starting rootcheck scan.
2010/05/17 12:41:08 ossec-rootcheck: INFO: Ending rootcheck scan.
2010/05/17 13:04:17 ossec-analysisd: Invalid integrity message in the database.
2010/05/17 13:06:18 ossec-analysisd: Invalid integrity message in the database.
2010/05/17 13:10:14 ossec-analysisd: Invalid integrity message in the database.
2010/05/17 13:10:14 ossec-analysisd: Invalid integrity message in the database.
2010/05/17 13:10:14 ossec-analysisd: Invalid integrity message in the database.
2010/05/17 13:10:14 ossec-analysisd: Invalid integrity message in the database.

If you need any other info please let me know...

Thanks,
Adi
