On Sat, Feb 1, 2014 at 9:05 AM, frwa onto <[email protected]> wrote:
> Dear Dan,
> Thank you for all the help rendered and cleared my doubts.
> What is the extreme action can AR take just lock down for 10 minutes? Is

AR can generally do what you configure it to do.

> there any other disadvantages of AR?
>

A lot of events can consume a lot of resources.

> Regards,
> Frwa.
>
>
> On Tuesday, January 28, 2014 12:29:29 PM UTC+8, frwa onto wrote:
>>
>> Dear All,
>> I saw this in my log file of ossec. For my case it's
>> /var/www/log not logs. How to change this?
>>
>> 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available, ignoring it: '/var/log/authlog'.
>> 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available, ignoring it: '/var/log/xferlog'.
>> 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available, ignoring it: '/var/www/logs/access_log'.
>> 2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available, ignoring it: '/var/www/logs/error_log'.
>>
>> Also saw this. How to configure the system audit file, is it a must here?
>>
>> 2014/01/24 23:48:03 ossec-analysisd: INFO: No Hostname in the white list for active reponse.
>> 2014/01/24 23:48:03 ossec-analysisd: INFO: Started (pid: 1925).
>> 2014/01/24 23:48:03 ossec-rootcheck: System audit file not configured.
>>
>> Another error I saw was this.
>>
>> 2014/01/20 20:10:46 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' not accessible: 'Connection refused'.
>> 2014/01/20 20:10:46 ossec-analysisd(1301): ERROR: Unable to connect to active response queue.
>>
>> I need help on these few errors which I see and what I should avoid?
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
