The problem has not recurred, so I cannot progress this issue.
On Aug 15, 7:41 pm, "dan (ddp)" <[email protected]> wrote: > On Sat, Aug 14, 2010 at 4:37 AM,ItsMikeE<[email protected]> wrote: > > Nothing unusual in ossec.log > > I have a few days off now, so it will be a while before I can try the > > debug mode > > Cool, let us know. > Also, try taking out the overlap from the syscheck configurations. > > 1. <directories check_all="yes">/var/ossec/bin</directories> > 2. <directories check_all="yes">/var/ossec/etc</directories> > 3. <directories check_perm="yes" check_owner="yes" > check_group="yes">/var/ossec</directories> > > 3 overlaps 1 & 2. So either remove #3 entirely (for testing) or make > it more specific: > <directories check_perm="yes" check_owner="yes" > check_group="yes">/var/ossec/active-response,/var/ossec/agentless,/var/ossec/rules,etc. > > I don't know if that could be causing the problem, but it might be worth > trying.
