On Thu, Oct 11, 2012 at 12:59 PM, Adam <[email protected]> wrote:
> I have this error in ossec.log:
> ossec-analysisd: ERROR: read error on /queue/diff/ossecserver/535/last-entry
>
> The only change I made to ossec was to /var/ossec/etc/ossec.conf where I added the
> following lines:
> <localfile>
> <log_format>syslog</log_format>
> <location>/var/log/10.10.5.5/syslog.log</location>
> </localfile>
>
> Now on the web GUI, nothing shows up under latest events. Thoughts?

Are you still getting alerts in alerts.log? Is ossec-analysisd still running? What version of OSSEC? What OS/Distro/version/platform are you running it on? Does the file it can't read exist? Is the partition OSSEC is installed on full?
