Dear Dan,
You said look into ossec.conf what to look to diagnose this ?
I am the one setup during setup it did not ask for active response
activation? How to decide based on the ossec.conf that the active response
is on or off ? The ossec-execd is running . Yes this file
exist /var/ossec/etc/shared/cis_rhel5_linux_rcl.txt how you want me to test
it ?
Regards,
Frwa.
On Wednesday, January 29, 2014 8:44:01 PM UTC+8, dan (ddpbsd) wrote:
>
> On Tue, Jan 28, 2014 at 10:43 PM, frwa onto <[email protected]<javascript:>>
> wrote:
> > Dear Dan,
> > I have attached my ossec.conf file. Yes for the first
> problem
> > I have known where the settings for the /var/www/log/access_log and
>
> Then I'm not sure why you asked how to change the entries.
>
> > error_log. For your next question I am not sure how you determine the
> rook
> > check? I am using Centos 6.5 (Final). Also how to determine if the
> active
>
> You look in the ossec.conf. I'll have to go through the source to find
> out what the error is complaining about.
>
> > response is being use? Should I comment it to off it?
> >
>
> You should ask your administrator if they disabled it, either during
> or post installation.
> It doesn't look like it, based on the ossec.conf.
> Is ossec-execd running?
>
> > Regards,
> > Frwa.
> >
> > On Tuesday, January 28, 2014 8:36:50 PM UTC+8, dan (ddpbsd) wrote:
> >>
> >> On Mon, Jan 27, 2014 at 11:29 PM, frwa onto <[email protected]> wrote:
> >> > Dear All,
> >> > I saw this in my log file of ossec. For my case its
> >> > /var/www/log
> >> > not logs. How to change this ?
> >> >
> >>
> >> These configurations are in /var/ossec/etc/ossec.conf on the system
> >> generating the errors.
> >>
> >> > 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not
> available,
> >> > ignoring it: '/var/log/authlog'.
> >> > 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not
> available,
> >> > ignoring it: '/var/log/xferlog'.
> >> > 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not
> available,
> >> > ignoring it: '/var/www/logs/access_log'.
> >> > 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not
> available,
> >> > ignoring it: '/var/www/logs/error_log'.
> >> >
> >> > Also saw this. How to configure the system audit file is it a must
> here?
> >> >
> >> > 2014/01/24 23:48:03 ossec-analysisd: INFO: No Hostname in the white
> list
> >> > for
> >> > active reponse.
> >> > 2014/01/24 23:48:03 ossec-analysisd: INFO: Started (pid: 1925).
> >> > 2014/01/24 23:48:03 ossec-rootcheck: System audit file not
> configured.
> >> >
> >>
> >> What is your rootcheck configuration? What OS is the system generating
> >> the error?
> >>
> >> > Another error I saw was this.
> >> >
> >> > 2014/01/20 20:10:46 ossec-analysisd(1210): ERROR: Queue
> >> > '/queue/alerts/ar'
> >> > not accessible: 'Connection refused'.
> >> > 2014/01/20 20:10:46 ossec-analysisd(1301): ERROR: Unable to connect
> to
> >> > active response queue.
> >> >
> >>
> >> Are you using active response?
> >>
> >> > I need help on these few errors which I see and what I should avoid ?
> >> >
> >> > --
> >> >
> >> > ---
> >> > You received this message because you are subscribed to the Google
> >> > Groups
> >> > "ossec-list" group.
> >> > To unsubscribe from this group and stop receiving emails from it,
> send
> >> > an
> >> > email to [email protected].
> >> > For more options, visit https://groups.google.com/groups/opt_out.
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google
> Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an
> > email to [email protected] <javascript:>.
> > For more options, visit https://groups.google.com/groups/opt_out.
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
