On Tue, Jan 28, 2014 at 10:43 PM, frwa onto <[email protected]> wrote:
> Dear Dan,
> I have attached my ossec.conf file. Yes, for the first problem
> I know where the settings are for the /var/www/log/access_log and

Then I'm not sure why you asked how to change the entries.

> error_log. For your next question, I am not sure how you determine the root
> check. I am using CentOS 6.5 (Final). Also, how do I determine if the active

You look in the ossec.conf. I'll have to go through the source to find
out what the error is complaining about.

> response is being used? Should I comment it out to turn it off?
>

You should ask your administrator if they disabled it, either during
or post installation.
It doesn't look like it, based on the ossec.conf.
Is ossec-execd running?

> Regards,
> Frwa.
>
> On Tuesday, January 28, 2014 8:36:50 PM UTC+8, dan (ddpbsd) wrote:
>>
>> On Mon, Jan 27, 2014 at 11:29 PM, frwa onto <[email protected]> wrote:
>> > Dear All,
>> > I saw this in my OSSEC log file. In my case it's
>> > /var/www/log
>> > not logs. How do I change this?
>> >
>>
>> These configurations are in /var/ossec/etc/ossec.conf on the system
>> generating the errors.
>>
>> > 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available,
>> > ignoring it: '/var/log/authlog'.
>> > 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available,
>> > ignoring it: '/var/log/xferlog'.
>> > 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available,
>> > ignoring it: '/var/www/logs/access_log'.
>> > 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available,
>> > ignoring it: '/var/www/logs/error_log'.
>> >
>> > Also saw this. How do I configure the system audit file? Is it a must here?
>> >
>> > 2014/01/24 23:48:03 ossec-analysisd: INFO: No Hostname in the white list
>> > for
>> > active reponse.
>> > 2014/01/24 23:48:03 ossec-analysisd: INFO: Started (pid: 1925).
>> > 2014/01/24 23:48:03 ossec-rootcheck: System audit file not configured.
>> >
>>
>> What is your rootcheck configuration? What OS is the system generating
>> the error?
>>
>> > Another error I saw was this.
>> >
>> > 2014/01/20 20:10:46 ossec-analysisd(1210): ERROR: Queue
>> > '/queue/alerts/ar'
>> > not accessible: 'Connection refused'.
>> > 2014/01/20 20:10:46 ossec-analysisd(1301): ERROR: Unable to connect to
>> > active response queue.
>> >
>>
>> Are you using active response?
>>
>> > I need help with these few errors which I see and what I should avoid.
>> >
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to [email protected].
>> > For more options, visit https://groups.google.com/groups/opt_out.
>

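Editor's added example, not part of any message in the thread and not OSSEC project code: a shell check for the two conditions discussed above, namely `<localfile>` locations that do not exist on the host (the "File not available, ignoring it" messages) and whether active response is disabled in the config. The function names and the sample config are constructed for illustration; `<disabled>yes</disabled>` inside `<active-response>` is assumed to be the setting an administrator would have used to turn active response off.

```shell
#!/bin/sh
# Added example (not from the thread): audit an ossec.conf for the two
# conditions behind the log messages quoted in the thread.

# Print every <location> value, one per line (XML comments are not skipped).
localfile_locations() {
    sed -n 's:.*<location>\(.*\)</location>.*:\1:p' "$1"
}

# Print monitored paths that do not exist on this host; these are the ones
# ossec-logcollector reports as "File not available, ignoring it".
missing_localfiles() {
    localfile_locations "$1" | while IFS= read -r path; do
        case "$path" in *'*'*|*%*) continue ;; esac  # wildcard/strftime: not resolved here
        [ -e "$path" ] || printf '%s\n' "$path"
    done
}

# Succeed if an <active-response> block sets <disabled>yes</disabled>.
ar_disabled() {
    sed -n '/<active-response>/,/<\/active-response>/p' "$1" |
        grep -q '<disabled>[[:space:]]*yes[[:space:]]*</disabled>'
}

# Constructed sample config; the two paths come from the log lines in the thread.
write_sample_conf() {
    cat > "$1" <<'EOF'
<ossec_config>
  <localfile>
    <log_format>apache</log_format>
    <location>/var/www/logs/access_log</location>
  </localfile>
  <localfile>
    <log_format>apache</log_format>
    <location>/var/www/logs/error_log</location>
  </localfile>
  <active-response>
    <disabled>yes</disabled>
  </active-response>
</ossec_config>
EOF
}

# With no argument, run against the constructed sample; otherwise against "$1".
conf=${1:-}
if [ -z "$conf" ]; then conf=$(mktemp); write_sample_conf "$conf"; fi
missing_localfiles "$conf"
ar_disabled "$conf" && echo "active response disabled in config" || echo "active response not disabled in config"
```

On a live host, pass `/var/ossec/etc/ossec.conf` as the argument; `/var/ossec/bin/ossec-control status` then shows whether ossec-execd is running.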