i was out of disk space "face palm", thanx dan :) On Thu, Oct 11, 2012 at 12:02 PM, dan (ddp) <[email protected]> wrote:
> On Thu, Oct 11, 2012 at 12:59 PM, Adam <[email protected]> wrote: > > i have this error in ossec.log: > > ossec-analysisd: ERROR: read error on > /queue/diff/ossecserver/535/last-entry > > > > only change i made to ossec was to /var/ossec/etc/ossec.conf where added > the > > following lines: > > <localfile> > > <log_format>syslog</log_format> > > <location>/var/log/10.10.5.5/syslog.log</location> > > </localfile> > > > > now on the web gui, nothing shows up under latest events. thoughts? > > Are you still getting alerts in alerts.log? Is ossec-analysisd still > running? What version of OSSEC? What OS/Distro/version/platform are > you running it on? Does the file it can't read exist? Is the partition > OSSEC is installed on full? >
