http://ddpbsd.blogspot.com/2011/11/more-ossec-documentation.html Look for ossec101
On Wed, Nov 16, 2011 at 6:58 PM, Steven Jones <[email protected]> wrote: > Hi All, > > I have tried to set this up....but there seems to be nothing concise/usable > on how to use the OSSEC application, ie a user manual. is there such a thing? > > So in the web ui I only have the local agent, which I am not able to retrieve > any info on....it says "unable to retrieve alerts" > > I'm missing agent 001 on my remote server in the web ui. How do I get this > to come up in the web ui and retrieve alerts? > > I can run agent_control -i 001 from the command line and the reply seems to > say it can see the remote agent... > > How can I test its actually doing anything? > > I created /ossec-test and touched test1 as zero length, then inserted random > characters but no feedback....presumably it should email the file has changed? > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 >
