I found that my reports in ossec server 2.5.1 don't run because of a race condition where log rollover happens before the reports generate, so there's no file and thus no results. The ossec.log file will show that.
I found that creating a cronjob that runs a daily report shell script runs all my reports and emails them to me more effectively.

On Feb 6, 3:46 am, "dan (ddp)" <[email protected]> wrote:
> On Thu, Feb 2, 2012 at 8:53 PM, Macus <[email protected]> wrote:
> > "..." means Ellipsis.
> > I think the syntax is valid, because I have received the report daily
> > for over a month. However, I couldn't receive it sometimes starting
>
> I missed that in your original mail, my apologies.
>
> > from last week. "No report" means no alert?
>
> Possibly. Run it manually and check. Also check for report temporary
> files (.reportSOMETHING or something like that, somewhere in
> /var/ossec, I can't remember specifics and can't check at the moment).
>
> > On Feb 2, 9:04 pm, "dan (ddp)" <[email protected]> wrote:
> >> On Tue, Jan 31, 2012 at 8:42 PM, Macus <[email protected]> wrote:
> >> > I have set up a daily report like below for the syscheck. Is it
> >> > supposed to have the report delivered to my mailbox? The syscheck is
> >> > scheduled daily at 20:00
> >
> >> > <reports>
> >> > <category>syscheck</category>
> >> > <title>OSSEC Daily Report: File Integrity Check Result</title>
> >> > ...
> >> > ...
> >
> >> I don't think "..." is valid syntax.
> >
> >> > <showlogs>yes</showlogs>
> >> > </reports>
> >
> >> > thanks.
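
The cron-driven workaround described in the top reply, written out as an added example (not the poster's script and not part of OSSEC): it reports on the previous day's already-rotated alert log, so it does not depend on when rollover happens. The install path, the rotated-log layout `logs/alerts/YYYY/Mon/ossec-alerts-DD.log[.gz]`, the recipient address and the `--run` switch are assumptions.

```shell
#!/bin/sh
# Added example: daily syscheck report driven by cron instead of <reports>.
# Assumptions: default /var/ossec install, rotated alerts stored as
# logs/alerts/YYYY/Mon/ossec-alerts-DD.log[.gz], placeholder recipient.
OSSEC_DIR="${OSSEC_DIR:-/var/ossec}"
MAIL_TO="${MAIL_TO:-secops@example.com}"   # placeholder address

# Print the rotated alert log for a given day (args: YYYY Mon DD).
# Prefers the plain file, then its gzip. Returns 1 when neither is
# readable and non-empty, so the caller can alert instead of mailing
# an empty report.
pick_alert_log() {
    dir="$OSSEC_DIR/logs/alerts/$1/$2"
    for f in "$dir/ossec-alerts-$3.log" "$dir/ossec-alerts-$3.log.gz"; do
        if [ -r "$f" ] && [ -s "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Stream a plain or gzip-compressed log to stdout.
read_log() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

main() {
    # GNU date; yesterday's log is complete once rollover has run.
    set -- $(LC_ALL=C date -d yesterday '+%Y %b %d')
    if ! log=$(pick_alert_log "$1" "$2" "$3"); then
        echo "no alert log for $1 $2 $3 under $OSSEC_DIR" |
            mail -s "OSSEC daily report: no input" "$MAIL_TO"
        return 1
    fi
    # ossec-reportd reads alerts on stdin and writes the report to stderr.
    # "-f group syscheck" and "-s" mirror <category> and <showlogs> above.
    read_log "$log" |
        "$OSSEC_DIR/bin/ossec-reportd" -f group syscheck -s 2>&1 |
        mail -s "OSSEC Daily Report: File Integrity Check Result" "$MAIL_TO"
}

# Run only when invoked as "script --run" (switch is this example's own).
if [ "${1:-}" = "--run" ]; then main; fi
```

Scheduled from cron some time after midnight, a missing input file produces a "no input" mail rather than a silently absent report.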
