Which log do you want to understand?
The logs say -
Starting syscheck
Ending syscheck
Starting rootcheck
Ending rootcheck

Last event count message is some sort of stats message.

On Thu, Jun 23, 2011 at 6:19 PM, SystemAli <[email protected]> wrote:
> I see these entries on the *CLIENT* machine when I tail the log :-
>
> root@hunter [~]# tail -f /var/ossec/logs/ossec.log
> 2011/06/24 01:26:05 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/secure'.
> 2011/06/24 01:26:05 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/maillog'.
> 2011/06/24 01:26:05 ossec-logcollector: INFO: Started (pid: 7785).
> 2011/06/24 01:27:05 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
> 2011/06/24 01:27:05 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
> 2011/06/24 01:42:34 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed).
> 2011/06/24 01:42:46 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database).
> 2011/06/24 01:43:06 ossec-rootcheck: INFO: Starting rootcheck scan.
> 2011/06/24 01:59:40 ossec-rootcheck: INFO: Ending rootcheck scan.
> 2011/06/24 02:42:12 ossec-agentd: INFO: Event count after '20000': 3702849->3139664 (84%)
>
> What does this mean, it does not go beyond this :(
>
> --
> "Want to be a leader? Wash the Dishes When Nobody Else Will<http://thesash.me/wash-the-dishes-when-nobody-else-will>"
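
Added example, not part of the original thread: a small parser that pairs the "Starting ... scan" and "Ending ... scan" lines from the quoted ossec.log excerpt, reporting how long each scan ran and whether any scan started without finishing. The function name `scan_durations` is hypothetical; the log lines are the ones quoted above.

```python
import re
from datetime import datetime

# Lines copied from the ossec.log excerpt quoted in the thread.
SAMPLE_LOG = """\
2011/06/24 01:26:05 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/secure'.
2011/06/24 01:26:05 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/maillog'.
2011/06/24 01:26:05 ossec-logcollector: INFO: Started (pid: 7785).
2011/06/24 01:27:05 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2011/06/24 01:27:05 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
2011/06/24 01:42:34 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed).
2011/06/24 01:42:46 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database).
2011/06/24 01:43:06 ossec-rootcheck: INFO: Starting rootcheck scan.
2011/06/24 01:59:40 ossec-rootcheck: INFO: Ending rootcheck scan.
2011/06/24 02:42:12 ossec-agentd: INFO: Event count after '20000': 3702849->3139664 (84%)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<daemon>ossec-[a-z]+)(?:\(\d+\))?: INFO: (?P<msg>.*)$"
)
SCAN_RE = re.compile(r"^(?P<edge>Starting|Ending) (?P<scan>syscheck|rootcheck) scan\b")

def scan_durations(log_text):
    """Return ({scan: seconds_run}, {scan: start_time_of_unfinished_scan})."""
    started, durations = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        s = m and SCAN_RE.match(m["msg"])
        if not s:
            continue  # not a scan start/end line (e.g. pre-scan, event count)
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        if s["edge"] == "Starting":
            started[s["scan"]] = ts
        elif s["scan"] in started:
            durations[s["scan"]] = int((ts - started.pop(s["scan"])).total_seconds())
    return durations, started

if __name__ == "__main__":
    done, pending = scan_durations(SAMPLE_LOG)
    for name, secs in done.items():
        print(f"{name}: completed in {secs // 60}m{secs % 60:02d}s")
    for name, ts in pending.items():
        print(f"{name}: started {ts}, no end line yet")
```

On the quoted excerpt both scans pair up with an end line, so nothing is reported as unfinished.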
