On Mon, Jan 6, 2014 at 1:28 PM, Carl Hilinski <[email protected]> wrote:
> When I look in the web ui (beta .8) for Ossec, I see two issues. One is that
> the time is wrong:
> 3 - SSHD authentication success. 2014 Jan 06 18:16:00
> Rule Id:
> 5715
> Location:
> plato.hes.hmc.psu.edu->/var/log/messages
> Src IP:
> x.x.x.x
> Jan 6 13:17:32 plato.hes.hmc.psu.edu sshd[22493]: [ID 800047 auth.info]
> Accepted keyboard-interactive for oracle from x.x.x.x port 62671 ssh2
>
>
> It's off by seven hours. The line that read 2014 Jan 06 18:16:00 should be
> 2014 Jan 06 01:16:00. Note that the time is correct in the actual log. All
> of the system/clock settings are correct on this redhat 6.4 machine. It
> appears to be a timezone issue...is that set somewhere special?
>
Is this issue present in the /var/ossec/logs/alerts/alerts.log file as
well? If so, check the zone file you have at /var/ossec/etc/localtime,
perhaps the wrong one was installed.

> Second, not all of the agents are listed in the area of the webui window
> that lists the connected machines. While a couple are not listed there, they
> will have activity listed in the Latest Events window.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
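
The zone-file check suggested in the reply, as an added shell example that is not part of the original thread. It assumes the default /var/ossec prefix, that the system zone file is /etc/localtime, and a `date` that accepts `-d @EPOCH`; the function name and return codes are made up for illustration.

```shell
#!/bin/sh
# Added example: compare the zone file OSSEC uses (etc/localtime under its
# install prefix) with the system zone file, and show how the same instant
# is rendered under each.
#
# compare_zone_files [SYSTEM_FILE] [OSSEC_FILE] [EPOCH]   (hypothetical helper)
# Returns: 0 identical, 1 different, 2 OSSEC copy missing or empty,
#          3 system file unreadable.
compare_zone_files() {
    sys_tz=${1:-/etc/localtime}
    ossec_tz=${2:-/var/ossec/etc/localtime}
    epoch=${3:-$(date +%s)}

    [ -r "$sys_tz" ] || { echo "cannot read $sys_tz" >&2; return 3; }
    if [ ! -s "$ossec_tz" ]; then
        # Without a usable zone file, timestamps fall back to UTC.
        echo "$ossec_tz is missing or empty" >&2
        return 2
    fi

    # TZ=:/absolute/path makes libc load that exact zone file, so both lines
    # below show the same instant as each file would stamp it.
    for f in "$sys_tz" "$ossec_tz"; do
        printf '%-30s %s\n' "$f" \
            "$(TZ=":$f" date -d "@$epoch" '+%Y %b %d %H:%M:%S %Z' 2>/dev/null)"
    done

    if cmp -s "$sys_tz" "$ossec_tz"; then
        echo "zone files match"
        return 0
    fi
    echo "zone files differ: alert times will not match local log times" >&2
    return 1
}

# Run against the live paths only where OSSEC is installed.
if [ -d /var/ossec/etc ]; then
    compare_zone_files || echo "exit status $?" >&2
fi
```

If the files differ, replacing /var/ossec/etc/localtime with a copy of the system file and restarting OSSEC brings new alert timestamps in line; alerts already written keep the old stamp.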
