On Fri, Jul 13, 2012 at 6:52 AM, alsdks <[email protected]> wrote:
> Hello list,
>
> Is there a way to determine if a full command has been run. Like you can see
> that syscheck has run with agent_control command from the server?
> This is needed to troubleshoot frequency scheduling of the command.
>

If you have the log all option turned on the results of the command will be in the archives.log.

> Similar to the above as we can see with syscheck_control the list of
> modified files, can we see what were the last stored outputs of the command.
> I don't mean from the alert generated but rather if it is stored in some
> file and we can query it directly.
>
>
> Thank you!

I think the diffs are in /var/ossec/queue/diff (on the agent?) if you're checking the diffs.
