On Mon, Jan 27, 2014 at 11:29 PM, frwa onto <[email protected]> wrote: > Dear All, > I saw this in my log file of ossec. For my case its /var/www/log > not logs. How to change this ? >
These configurations are in /var/ossec/etc/ossec.conf on the system generating the errors. > 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available, > ignoring it: '/var/log/authlog'. > 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available, > ignoring it: '/var/log/xferlog'. > 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available, > ignoring it: '/var/www/logs/access_log'. > 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available, > ignoring it: '/var/www/logs/error_log'. > > Also saw this. How to configure the system audit file is it a must here? > > 2014/01/24 23:48:03 ossec-analysisd: INFO: No Hostname in the white list for > active reponse. > 2014/01/24 23:48:03 ossec-analysisd: INFO: Started (pid: 1925). > 2014/01/24 23:48:03 ossec-rootcheck: System audit file not configured. > What is your rootcheck configuration? What OS is the system generating the error? > Another error I saw was this. > > 2014/01/20 20:10:46 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not accessible: 'Connection refused'. > 2014/01/20 20:10:46 ossec-analysisd(1301): ERROR: Unable to connect to > active response queue. > Are you using active response? > I need help on these few errors which I see and what I should avoid ? > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
