Thanks bro, that has been fixed. Now I want to disable AR on a specific agent, and I added the following code in agent.conf, but it isn't working... AR is still active on that node.

<agent_config name="devserver1">
  <active-response>
    <disabled>yes</disabled>
  </active-response>
</agent_config>

On Thu, Mar 3, 2011 at 12:46 PM, carlopmart <[email protected]> wrote:
> On 03/03/2011 06:30 PM, satish patel wrote:
>>
>> Looks like my management server pushed agent.conf to the client. After
>> restarting the agent I got the following error "No file configured to monitor". I
>> did specify each and every log file in agents.conf
>>
>> Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)...
>> Started ossec-execd...
>> Started ossec-agentd...
>> 2011/03/03 09:30:38 ossec-logcollector(1905): INFO: No file configured to monitor.
>> Started ossec-logcollector...
>> 2011/03/03 09:30:38 ossec-syscheckd(1702): INFO: No directory provided for syscheck to monitor.
>> 2011/03/03 09:30:38 ossec-syscheckd: WARN: Syscheck disabled.
>> Started ossec-syscheckd...
>> Completed.
>>
>
> It is a common error. If the agent doesn't have any file or directory to monitor
> under ossec.conf, it shows this alarm. After some seconds, the server pushes
> agents.conf to the agent and this error disappears if you restart the agent (local
> or remote)
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
