On Thu, Aug 2, 2012 at 8:25 AM, dan (ddp) <[email protected]> wrote:
> On Wed, Aug 1, 2012 at 10:08 PM, Steve Kieu <[email protected]> wrote:
>> Probably cannot ln it as the format of the merged.mg is different from the
>> normal xml config file, part of it is xml containing the config section and
>> the other part is not.
>>
>> I am confused. What is ossec using the merged.mg file for and why is it not
>> picked up?
>>
>
> merged.mg should get split into a number of files, one of them being
> the current agent.conf. Did that happen?
>

If it didn't happen, try creating a blank agent.conf with the proper
permissions (I think I've posted those in this thread) and try again.
If that did happen, did any of the other items in the agent.conf get
picked up properly (are the localfiles being monitored)?

>>
>> On Thu, Aug 2, 2012 at 12:05 PM, Steve Kieu <[email protected]> wrote:
>>>>>
>>>>> Try blanking the merged.mg.
>>>>
>>>> Looks like it does the trick. I cp /dev/null into it and then restart
>>>> both - after restarting, the file is populated with data again pushed from
>>>> the server in that section for the client name.
>>>>
>>>> Need to wait or do some testing to see if it is actually using that merged
>>>> file for the config, as I still do not see in the log that it monitors these
>>>> entries yet (in the merged.mg file)
>>>>
>>>
>>> So it has things pushed to the merged.mg file but they are not picked up. I
>>> manually ran
>>>
>>> bin/agent_control -r -a
>>>
>>> on the server and waited for a while, then in the client log it says:
>>>
>>> 2012/08/02 11:58:13 ossec-rootcheck: INFO: Starting rootcheck scan.
>>> 2012/08/02 11:58:13 ossec-rootcheck: No rootcheck_files file configured.
>>> 2012/08/02 11:58:13 ossec-rootcheck: No rootcheck_trojans file configured.
>>> 2012/08/02 11:59:09 ossec-rootcheck: INFO: Ending rootcheck scan.
>>> 2012/08/02 12:04:09 ossec-rootcheck: INFO: Starting rootcheck scan.
>>> 2012/08/02 12:04:09 ossec-rootcheck: No rootcheck_files file configured.
>>> 2012/08/02 12:04:09 ossec-rootcheck: No rootcheck_trojans file configured
>>>
>>> Obviously I saw that all of it is configured in the merged.mg file. Do we need to
>>> symlink it to the ossec.conf file?
>>>
>>>>
>>>> --
>>>> Steve Kieu
>>>
>>> --
>>> Steve Kieu
>>
>> --
>> Steve Kieu
