It says there were no alerts, so there is no report.
On Jun 25, 2011 8:28 AM, "SystemAli" <[email protected]> wrote:
> Chris:
>
> I am trying to read the logs via this command:
>
> zcat /var/ossec/logs/alerts/2011/Jun/ossec-archive-23.log.gz | /var/ossec/bin/ossec-reportd
>
> But all I get is:
>
> 2011/06/25 12:02:17 ossec-reportd: INFO: Started (pid: 7610).
> 2011/06/25 12:02:22 ossec-reportd: INFO: Report completed and zero alerts post-filter.
>
> Where is the report?
>
>
>
> On Sat, Jun 25, 2011 at 11:03 AM, SystemAli <[email protected]> wrote:
>
>> Chris:
>>
>> I tried to call the "ossec-reportd" on the manager, but all I get is:
>> "bash: /var/ossec/etc/ossec-reportd: No such file or directory"
>>
>> What am I missing? Or am I calling it from the wrong location?
>>
>> On Fri, Jun 24, 2011 at 6:53 PM, Christopher Moraes <[email protected]> wrote:
>>
>>> You should check out the policy auditing feature. This is a part of
>>> rootkit check.
>>>
>>> If you have rootkit check enabled, configure it to use one of the policy
>>> files.
>>> You may have to configure the policy file to check for the specific
>>> service you want.
>>>
>>>
>>> On Thu, Jun 23, 2011 at 5:00 PM, SystemAli <[email protected]> wrote:
>>>
>>>> Great.. I see them getting logged there :) Thank you...
>>>>
>>>> Secondly, I need to monitor additional services on the agent. How can
>>>> I do that so it too gets logged on the server? For example, failed
>>>> services like mail / ftp / sshd, etc.
>>>>
>>>
>>>
>>
>>
>> --
>> "Want to be a leader? Wash the Dishes When Nobody Else Will"
>> <http://thesash.me/wash-the-dishes-when-nobody-else-will>
>>