What do you mean by "start the syscheck database?" The syscheck db is a file on the manager, the agent's syscheck process gets the hashes of the configured files and forwards them to the manager (via ossec-agentd -> ossec-remoted).
On Mon, Nov 28, 2011 at 8:37 PM, Macus <[email protected]> wrote: > I am using OSSEC 2.6 on Centos 5.3 64. I have installed one server to manage > 6 servers with agents. I found sometimes the OSSEC missed to generate the > syscheck database sometimes after I have updated the agent.conf and restart > the OSSEC agents and servers. Is there any way to force the OSSEC to start > the syscheck database after I restart the OSSEC every time?? Without the > syscheck database, the OSSEC server will not trigger any alert for > file integrity check. > thx.
