Re: [ossec-list] debug mode ?

Fri, 10 Aug 2012 10:14:14 -0700 

On Fri, Aug 10, 2012 at 1:07 PM, Leonardo Bacha Abrantes
<[email protected]> wrote:
> Hey people,
>
> I changed debug options in internal_options.conf according to the
> configurarion bellow, but the log was not appeared in verbose mode.
> How can I put it in more verbose ?
>
>
> syscheck.debug=2
> remoted.debug=2
> analysisd.debug=2
> logcollector.debug=2
> agent.debug=2
>

I guess I need to faq this. On the OSSEC server:
/var/ossec/bin/ossec-control enable debug &&
/var/ossec/bin/ossec-control restart

This doesn't work on the agent, but I don't know why. Running the
daemons with a -d works just fine for the agent as well.

>
>
> [root@myserver etc]# tail -f /var/ossec/logs/ossec.log
> 2012/08/10 14:02:12 ossec-agentd: INFO: Trying to connect to server
> (10.111.173.1:1514).
> 2012/08/10 14:02:12 ossec-agentd: INFO: Using IPv4 for: 10.111.173.1 .
> 2012/08/10 14:02:12 ossec-logcollector: DEBUG: Waiting main daemons to
> settle.
> 2012/08/10 14:02:16 ossec-syscheckd: INFO: Started (pid: 8991).
> 2012/08/10 14:02:16 ossec-rootcheck: INFO: Started (pid: 8991).
> 2012/08/10 14:02:16 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
> 2012/08/10 14:02:16 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
> 2012/08/10 14:02:16 ossec-syscheckd: INFO: Monitoring directory:
> '/usr/sbin'.
> 2012/08/10 14:02:16 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
> 2012/08/10 14:02:16 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
> 2012/08/10 14:02:18 ossec-agentd(1210): ERROR: Queue '/queue/alerts/execq'
> not accessible: 'Queue not found'.
> 2012/08/10 14:02:18 ossec-logcollector: INFO: (unix_domain) Maximum send
> buffer set to: '229376'.
> 2012/08/10 14:02:18 ossec-logcollector: DEBUG: Entering LogCollectorStart().
> 2012/08/10 14:02:18 ossec-logcollector(1950): INFO: Analyzing file:
> '/var/log/messages'.
> 2012/08/10 14:02:18 ossec-logcollector(1950): INFO: Analyzing file:
> '/var/log/secure'.
> 2012/08/10 14:02:18 ossec-logcollector(1950): INFO: Analyzing file:
> '/var/log/xferlog'.
> 2012/08/10 14:02:18 ossec-logcollector(1950): INFO: Analyzing file:
> '/var/log/vsftpd.log'.
> 2012/08/10 14:02:18 ossec-logcollector(1950): INFO: Analyzing file:
> '/var/log/maillog'.
> 2012/08/10 14:02:18 ossec-logcollector(1950): INFO: Analyzing file:
> '/var/log/httpd/error_log'.
> 2012/08/10 14:02:18 ossec-logcollector(1950): INFO: Analyzing file:
> '/var/log/httpd/access_log'.
> 2012/08/10 14:02:18 ossec-logcollector: INFO: Started (pid: 8987).
> 2012/08/10 14:02:33 ossec-agentd: INFO: Unable to connect to the active
> response queue (disabled).
> 2012/08/10 14:02:54 ossec-agentd(4101): WARN: Waiting for server reply (not
> started). Tried: '10.111.173.1'.
> 2012/08/10 14:02:56 ossec-agentd: INFO: Trying to connect to server
> (10.111.173.1:1514).
> 2012/08/10 14:02:56 ossec-agentd: INFO: Using IPv4 for: 10.111.173.1 .
> 2012/08/10 14:03:17 ossec-agentd(4101): WARN: Waiting for server reply (not
> started). Tried: '10.111.173.1'.
> 2012/08/10 14:03:18 ossec-syscheckd: INFO: Starting syscheck scan
> (forwarding database).
> 2012/08/10 14:03:18 ossec-syscheckd: WARN: Process locked. Waiting for
> permission...
> 2012/08/10 14:03:37 ossec-agentd: INFO: Trying to connect to server
> (10.111.173.1:1514).
> 2012/08/10 14:03:37 ossec-agentd: INFO: Using IPv4 for: 10.111.173.1 .
>
>
>
> thanks!

Reply via email to