Hi Dan Thanks your help. I removed <localfiles> entries in ossec.conf on client and server and apparently this working as expected.
One more doubt, Will I remove it in all clients that I just want SysCheck (FIM)? Em quinta-feira, 11 de setembro de 2014 08h17min31s UTC-3, dan (ddpbsd) escreveu: > > On Wed, Sep 10, 2014 at 3:55 PM, Macaulay Dias Souza > <[email protected] <javascript:>> wrote: > > Yes Dan, I have a FIM project and OSSEC was chosen. > > > > I understand, just thought it was odd. > > > I will need delete the rules files? > > > > Nope, don't delete the rules files. When you originally did that, > weren't there complaints about the missing rules files in the > ossec.log? Remove the localfiles entries. Disable active response. > > > Em quarta-feira, 10 de setembro de 2014 16h31min31s UTC-3, kinomakino > > escreveu: > >> > >> bad thing ... xD > >> > >> > >> > >> Generally ossec not start when the configuration file (ossec.conf) > there > >> is a syntax error. > >> > >> well if you look closed brackets, / etc. > >> > >> if you do not give the matter, send the file contents to see if anyone > can > >> help. > >> > >> > >> > >> luck > >> > >> > >> > >> ________________________________ > >> > >> De: [email protected] [mailto:[email protected]] En > nombre > >> de Macaulay Dias Souza > >> Enviado el: miércoles, 10 de septiembre de 2014 21:19 > >> Para: [email protected] > >> > >> > >> Asunto: Re: [ossec-list] How use only FIM - Syscheck > >> > >> > >> > >> Hi Kinomakino, > >> > >> > >> > >> Thanks your help. I deleted the section if rulez in my ossec.conf, but > >> after this I cant up OSSEC Server > >> > >> Em quarta-feira, 10 de setembro de 2014 09h35min36s UTC-3, kinomakino > >> escreveu: > >> > >> Yes. Only delete this sections on the ossec.conf file > >> > >> Enviado desde mi iPhone > >> > >> > >> El 10/09/2014, a las 13:52, "Macaulay Dias Souza" > >> <[email protected]> escribió: > >> > >> Hi guys, > >> > >> > >> > >> You can work with OSSEC running just to check the integrity of my files > / > >> folders? > >> > >> > >> > >> My costumer dont need for exemple: HIDS, Rootscan, Activity-Response. > >> Maybe Syslog > >> > >> > >> > >> SSBr | Strong Security Brasil | Macaulay Dias | Dpto. Técnico | Tel. > +55 > >> 11 2897 1566 Ramal 3030 | Cel. +55 11 95351 6793 | > >> [email protected] <javascript:> > >> > >> > >> > >> As informações contidas nesta mensagem são CONFIDENCIAIS e protegidas > pelo > >> sigilo legal. A divulgação, distribuição ou reprodução do teor deste > >> documento depende de autorização do emissor. Caso V. Sa. não seja o > >> destinatário, preposto, ou a pessoa responsável pela entrega desta > mensagem, > >> fica, desde já, notificado que qualquer divulgação, distribuição ou > >> reprodução é estritamente proibida, sujeitando-se o infrator às sanções > >> legais. Caso esta comunicação tenha sido recebida por engano, favor nos > >> avisar imediatamente, respondendo esta mensagem. The information > contained > >> in this message is CONFIDENTIAL. If the reader of this transmittal is > not > >> the intended recipient or an agent responsible for delivering it, you > are > >> hereby notified that you have received this communication in error, and > that > >> any dissemination, distribution, retention or copy of this > communication is > >> strictly prohibited. In this case, please immediately reply this > message to > >> the sender. > >> > >> Antes de imprimir pense em seu compromisso com o Meio Ambiente. > >> > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups > >> "ossec-list" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to [email protected]. > >> For more options, visit https://groups.google.com/d/optout. > >> > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups > >> "ossec-list" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to [email protected]. > >> For more options, visit https://groups.google.com/d/optout. > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
