On Thu, Jun 20, 2013 at 10:36 AM, David Blanton <[email protected]> wrote:
> Here is what my agent.conf file looks like:
>
> <agent_conf>
>
> <localfile>
> <log_format>syslog</log_format>
> <location>/var/log/messages</location>
> </localfile>
>
> <localfile>
> <log_format>syslog</log_format>
> <location>/var/log/secure</location>
> </localfile>
>
> <localfile>
> <log_format>syslog</log_format>
> <location>/var/adm/sulog</location>
> </localfile>
>
> <localfile>
> <log_format>syslog</log_format>
> <location>/var/adm/messages</location>
> </localfile>
>
> <localfile>
> <log_format>syslog</log_format>
> <location>/var/log/maillog</location>
> </localfile>
>
> <localfile>
> <log_format>apache</log_format>
> <location>/var/log/httpd/error_log</location>
> </localfile>
>
> <localfile>
> <log_format>apache</log_format>
> <location>/var/log/httpd/access_log</location>
> </localfile>
>
> <syscheck>
> <directories check_all="yes">/etc,/usr/bin,/usr/sbin<directories>
>
> <directories check_all="yes">/bin,/sbin</directories>
> <directories check_all="yes">/usr/local/sbin</directories>
> <directories check_all="yes">/usr/local/bin</directories>
> </syscheck>
> </agent_conf>
>
>
> And here was what ossec.log says:
>
> 2013/06/20 10:12:16 ossec-logcollector(1904): INFO: File not available,
> ignoring it: '/var/adm/sulog'.
> 2013/06/20 10:12:16 ossec-logcollector(1904): INFO: File not available,
> ignoring it: '/var/adm/messages'.
> 2013/06/20 10:23:40 ossec-rootcheck: No rootcheck_files file:
> '/var/ossec/etc/shared/rootkit_files.txt'
> 2013/06/20 10:23:40 ossec-rootcheck: No rootcheck_trojans file:
> '/var/ossec/etc/shared/rootkit_trojans.txt'
> 2013/06/20 10:23:43 ossec-rootcheck: No unixaudit file:
> '/var/ossec/etc/shared/system_audit_rcl.txt'
> 2013/06/20 10:23:43 ossec-rootcheck: No unixaudit file:
> '/var/ossec/etc/shared/cis_debian_linux_rcl.txt'
> 2013/06/20 10:23:43 ossec-rootcheck: No unixaudit file:
> '/var/ossec/etc/shared/cis_rhel_linux_rcl.txt'
> 2013/06/20 10:23:43 ossec-rootcheck: No unixaudit file:
> '/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt'
>
> What's going on?
>
Do these files exist on that agent?
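One way to answer that question on the agent itself, as an added example that is not part of the original thread: the script lists every `<location>` in an agent.conf and reports which paths are absent, then does the same for the rootcheck files named in the ossec.log excerpt. The function names and the demo input are constructed for illustration; it assumes literal paths with one `<location>` element per line.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes literal paths and one <location> element per line.

# Print each <location> value in an agent.conf-style file, one per line.
list_locations() {
    sed -n 's:.*<location>\(.*\)</location>.*:\1:p' "$1"
}

# Print the configured log paths that are not readable files on this host.
missing_locations() {
    list_locations "$1" | while IFS= read -r path; do
        [ -r "$path" ] || printf '%s\n' "$path"
    done
}

# Print which of the rootcheck files named in the ossec.log excerpt are
# absent from the shared directory (default: /var/ossec/etc/shared).
missing_shared() {
    dir=${1:-/var/ossec/etc/shared}
    for f in rootkit_files.txt rootkit_trojans.txt system_audit_rcl.txt \
             cis_debian_linux_rcl.txt cis_rhel_linux_rcl.txt \
             cis_rhel5_linux_rcl.txt; do
        [ -r "$dir/$f" ] || printf '%s\n' "$dir/$f"
    done
}

# Constructed demo input: a two-entry config in a temp dir, one log present.
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/messages"
    cat > "$tmp/agent.conf" <<EOF
<agent_conf>
<localfile>
<location>$tmp/messages</location>
</localfile>
<localfile>
<location>$tmp/sulog</location>
</localfile>
</agent_conf>
EOF
    missing_locations "$tmp/agent.conf"   # prints only the sulog path
    missing_shared "$tmp"                 # prints all six rootcheck files
    rm -rf "$tmp"
}

# With an argument, check that config on this host; otherwise run the demo.
if [ "$#" -ge 1 ]; then missing_locations "$1"; missing_shared; else demo; fi
```

Run it on the agent with the path to its agent.conf as the only argument; every line of output is a file the configuration expects but the host does not have.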
