I am running OSSEC 2.6 on a CentOS 5.5 server. It is the server that
receives all the ossec data from various and sundry servers. I don't want
it to monitor itself - its purpose in life is to collect data and email
alerts. However, when I remove the <syscheck> stanza from ossec.conf, my
startup looks like:
OSSEC HIDS v2.6 Stopped
Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)...
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
2012/08/17 19:06:46 ossec-logcollector(1905): INFO: No file configured to monitor.
Started ossec-logcollector...
Started ossec-remoted...
2012/08/17 19:06:46 ossec-syscheckd(1702): INFO: No directory provided for syscheck to monitor.
../bin/ossec-control: line 218: 10307 Segmentation fault ${DIR}/bin/${i} ${DEBUG_CLI}
[root@xxxxxxxxx etc]# ../bin/ossec-control status
ossec-monitord not running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd not running...
ossec-analysisd is running...
ossec-maild is running...
ossec-execd is running...
Should I simply remove syscheckd from the list of DAEMONS in the startup
script, or should syscheckd quit gracefully, like monitord?