Dear Dan,
Thank you for all the help rendered and for clearing my doubts.
What is the extreme action AR can take, just a lockdown for 10 minutes? Are
there any other disadvantages of AR?
Regards,
Frwa.
On Tuesday, January 28, 2014 12:29:29 PM UTC+8, frwa onto wrote:
>
> Dear All,
> I saw this in my ossec log file. In my case it's
> /var/www/log, not logs. How do I change this?
>
> 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available,
> ignoring it: '/var/log/authlog'.
> 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available,
> ignoring it: '/var/log/xferlog'.
> 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available,
> ignoring it: '/var/www/logs/access_log'.
> 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available,
> ignoring it: '/var/www/logs/error_log'.
>
> I also saw this. How do I configure the system audit file? Is it a must here?
>
> 2014/01/24 23:48:03 ossec-analysisd: INFO: No Hostname in the white list
> for active reponse.
> 2014/01/24 23:48:03 ossec-analysisd: INFO: Started (pid: 1925).
> 2014/01/24 23:48:03 ossec-rootcheck: System audit file not configured.
>
> Another error I saw was this.
>
> 2014/01/20 20:10:46 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar'
> not accessible: 'Connection refused'.
> 2014/01/20 20:10:46 ossec-analysisd(1301): ERROR: Unable to connect to
> active response queue.
>
> I need help with these few errors which I see, and what should I avoid?
>