What OS are you facing this issue on? Which version of OSSEC? What does the "everything needed" that you did comprise?
You folks need to learn a thing or two when you ask for help on a forum. Learn to provide enough details to anyone who might be kind enough to try and help you out. Show effort. Give and you shall receive.

On Friday, June 28, 2013 12:02:43 AM UTC+5:30, jigish thakar wrote:
> Guys
>
> Facing the same issue, did everything needed (as far as I know) but still
> can't see any alert. Also checked archive.log, nothing is appearing there.
>
> On Thursday, July 19, 2012 6:59:47 PM UTC+5:30, Wagner Thomas wrote:
>> Hi!
>>
>> I’m currently testing OSSEC 2.6 on CentOS and basically it works fine.
>> Setup was easy to do and also the configuration of manager and agent went
>> fine.
>>
>> My problem now is that I don’t get alerts if files are deleted (added
>> and changed files are reported correctly).
>>
>> This is my rule for deleted files (nothing changed after the
>> installation):
>>
>> <rule id="553" level="7">
>>   <category>ossec</category>
>>   <decoded_as>syscheck_deleted</decoded_as>
>>   <description>File deleted. Unable to retrieve checksum.</description>
>>   <group>syscheck,</group>
>> </rule>
>>
>> Should it work with that rule or do I have to configure something else
>> additionally?
>>
>> I hope someone knows that problem and can help me!
>>
>> Best regards,
>> Thomas
>>
>> T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
>> Handelsgericht Wien, FN 79340b
