On Fri, Nov 8, 2013 at 12:27 PM, Tom Fischer <[email protected]> wrote: > > I have 2 remote hosted Linux servers I am monitoring. They seem to be > connecting fine and I am getting alerts as expected. I recently got an alert > about a trojanised passwd file which turned out to be a false positive. The > first thing I went to look at when I got the alert was integrity checking > database in the wui. If I go to display all agents, I can see notifications > of file changes for all my devices including the 2 remotes. But If I dump > the database for either one, the screen comes up blank. How do I get the > client to send the file list to the server database? Did I miss a port that > needs to be opened in the firewall? >
The syscheck database exists on the server, in /var/ossec/queue/syscheck. > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
