On Sat, Aug 14, 2010 at 4:37 AM, ItsMikeE <[email protected]> wrote:
> Nothing unusual in ossec.log
> I have a few days off now, so it will be a while before I can try the
> debug mode
>
Cool, let us know. Also, try taking out the overlap from the syscheck configurations.

1. <directories check_all="yes">/var/ossec/bin</directories>
2. <directories check_all="yes">/var/ossec/etc</directories>
3. <directories check_perm="yes" check_owner="yes" check_group="yes">/var/ossec</directories>

3 overlaps 1 & 2. So either remove #3 entirely (for testing) or make it more specific:

<directories check_perm="yes" check_owner="yes" check_group="yes">/var/ossec/active-response,/var/ossec/agentless,/var/ossec/rules,etc.

I don't know if that could be causing the problem, but it might be worth trying.
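A way to check a syscheck configuration for the kind of overlap described above. This is an added example, not part of the original message and not OSSEC's own code. The sample configuration is constructed from the three entries quoted in the message, the function names are hypothetical, and the file is assumed to parse as XML with no XML declaration.

```python
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample: the three syscheck entries quoted in the message above.
SAMPLE_CONF = """
<ossec_config>
  <syscheck>
    <directories check_all="yes">/var/ossec/bin</directories>
    <directories check_all="yes">/var/ossec/etc</directories>
    <directories check_perm="yes" check_owner="yes" check_group="yes">/var/ossec</directories>
  </syscheck>
</ossec_config>
"""

def syscheck_entries(conf_text):
    """Return (path, options) for every path in every <directories> element."""
    # A config may hold several <ossec_config> blocks, so wrap them in one root.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    entries = []
    for elem in root.iter("directories"):
        opts = dict(elem.attrib)
        # One element can carry a comma-separated list of paths.
        for raw in (elem.text or "").split(","):
            path = raw.strip()
            if path:
                entries.append((posixpath.normpath(path), opts))
    return entries

def find_overlaps(entries):
    """Return (parent, child) pairs where child equals or lies under parent."""
    overlaps = []
    for i, (parent, _) in enumerate(entries):
        # Compare on a trailing slash so /var/ossec does not match /var/ossec-old.
        prefix = parent.rstrip("/") + "/"
        for j, (child, _) in enumerate(entries):
            if i == j:
                continue
            # Exact duplicates are reported once (i < j), nested paths always.
            if child.startswith(prefix) or (child == parent and i < j):
                overlaps.append((parent, child))
    return overlaps

if __name__ == "__main__":
    for parent, child in find_overlaps(syscheck_entries(SAMPLE_CONF)):
        print(f"{parent} overlaps {child}")
```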
