On Fri, Aug 17, 2012 at 3:25 PM, biciunas <[email protected]> wrote:
> I am running OSSEC 2.6 on a CentOS 5.5 server. It is the server that
> receives all the ossec data from various and sundry servers. I don't want it
> to monitor itself - its purpose in life is to collect data and email
> alerts. However, when I remove the <syscheck> stanza from ossec.conf, my
> startup looks like:
>
> OSSEC HIDS v2.6 Stopped
> Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)...
> Started ossec-maild...
> Started ossec-execd...
> Started ossec-analysisd...
> 2012/08/17 19:06:46 ossec-logcollector(1905): INFO: No file configured to monitor.
> Started ossec-logcollector...
> Started ossec-remoted...
> 2012/08/17 19:06:46 ossec-syscheckd(1702): INFO: No directory provided for syscheck to monitor.
> ../bin/ossec-control: line 218: 10307 Segmentation fault ${DIR}/bin/${i} ${DEBUG_CLI}
>
> [root@xxxxxxxxx etc]# ../bin/ossec-control status
> ossec-monitord not running...
> ossec-logcollector is running...
> ossec-remoted is running...
> ossec-syscheckd not running...
> ossec-analysisd is running...
> ossec-maild is running...
> ossec-execd is running...
>
> Should I simply remove syscheckd from the list of DAEMONS in the startup
> script, or should syscheckd quit gracefully, like monitord?
>

monitord not running is an issue you should look into. If you don't care about the integrity of the OSSEC server, go ahead and remove the syscheckd from ossec-control. No reason to even run it.
