On Thu, Jun 27, 2013 at 2:32 PM, jigish thakar <[email protected]> wrote: > Guys > > Facing the same issue, did everything needed (as far as i know) but still > cant see any alert. Also checked archive.log nothing is appearing there. >
That's not much to go on. > > On Thursday, July 19, 2012 6:59:47 PM UTC+5:30, Wagner Thomas wrote: >> >> Hi! >> >> >> >> I’m currently testing OSSEC 2.6 on centOS and basically it works fine. >> >> Setup was easy to do and also the configuration of manager and agent went >> fine. >> >> >> >> My problem now is, that I don’t get alerts if files are deleted (added and >> changed files are reported correctly). >> >> >> >> This is my rule for deleted files (nothing changed after the >> installation): >> >> >> >> <rule id="553" level="7"> >> >> <category>ossec</category> >> >> <decoded_as>syscheck_deleted</decoded_as> >> >> <description>File deleted. Unable to retrieve checksum.</description> >> >> <group>syscheck,</group> >> >> </rule> >> >> >> >> Should it work with that rule or do I have to configure something else >> additionally? >> >> >> >> I hope someone knows that problem and can help me! >> >> >> >> Best regards, >> >> Thomas >> >> >> >> >> >> >> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* >> T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien >> Handelsgericht Wien, FN 79340b >> >> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* >> Notice: This e-mail contains information that is confidential and may be >> privileged. >> If you are not the intended recipient, please notify the sender and then >> delete this e-mail immediately. >> >> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
