On Thu, Sep 11, 2014 at 11:23 AM, Macaulay Dias Souza <[email protected]> wrote: > Hi Dan Thanks your help. > > I removed <localfiles> entries in ossec.conf on client and server and > apparently this working as expected. > > One more doubt, Will I remove it in all clients that I just want SysCheck > (FIM)? >
If you do not want the system to monitor log files, do not configure it to monitor log files. > Em quinta-feira, 11 de setembro de 2014 08h17min31s UTC-3, dan (ddpbsd) > escreveu: >> >> On Wed, Sep 10, 2014 at 3:55 PM, Macaulay Dias Souza >> <[email protected]> wrote: >> > Yes Dan, I have a FIM project and OSSEC was chosen. >> > >> >> I understand, just thought it was odd. >> >> > I will need delete the rules files? >> > >> >> Nope, don't delete the rules files. When you originally did that, >> weren't there complaints about the missing rules files in the >> ossec.log? Remove the localfiles entries. Disable active response. >> >> > Em quarta-feira, 10 de setembro de 2014 16h31min31s UTC-3, kinomakino >> > escreveu: >> >> >> >> bad thing ... xD >> >> >> >> >> >> >> >> Generally ossec not start when the configuration file (ossec.conf) >> >> there >> >> is a syntax error. >> >> >> >> well if you look closed brackets, / etc. >> >> >> >> if you do not give the matter, send the file contents to see if anyone >> >> can >> >> help. >> >> >> >> >> >> >> >> luck >> >> >> >> >> >> >> >> ________________________________ >> >> >> >> De: [email protected] [mailto:[email protected]] En >> >> nombre >> >> de Macaulay Dias Souza >> >> Enviado el: miércoles, 10 de septiembre de 2014 21:19 >> >> Para: [email protected] >> >> >> >> >> >> Asunto: Re: [ossec-list] How use only FIM - Syscheck >> >> >> >> >> >> >> >> Hi Kinomakino, >> >> >> >> >> >> >> >> Thanks your help. I deleted the section if rulez in my ossec.conf, but >> >> after this I cant up OSSEC Server >> >> >> >> Em quarta-feira, 10 de setembro de 2014 09h35min36s UTC-3, kinomakino >> >> escreveu: >> >> >> >> Yes. Only delete this sections on the ossec.conf file >> >> >> >> Enviado desde mi iPhone >> >> >> >> >> >> El 10/09/2014, a las 13:52, "Macaulay Dias Souza" >> >> <[email protected]> escribió: >> >> >> >> Hi guys, >> >> >> >> >> >> >> >> You can work with OSSEC running just to check the integrity of my files >> >> / >> >> folders? >> >> >> >> >> >> >> >> My costumer dont need for exemple: HIDS, Rootscan, Activity-Response. >> >> Maybe Syslog >> >> >> >> >> >> >> >> SSBr | Strong Security Brasil | Macaulay Dias | Dpto. Técnico | Tel. >> >> +55 >> >> 11 2897 1566 Ramal 3030 | Cel. +55 11 95351 6793 | >> >> [email protected] >> >> >> >> >> >> >> >> As informações contidas nesta mensagem são CONFIDENCIAIS e protegidas >> >> pelo >> >> sigilo legal. A divulgação, distribuição ou reprodução do teor deste >> >> documento depende de autorização do emissor. Caso V. Sa. não seja o >> >> destinatário, preposto, ou a pessoa responsável pela entrega desta >> >> mensagem, >> >> fica, desde já, notificado que qualquer divulgação, distribuição ou >> >> reprodução é estritamente proibida, sujeitando-se o infrator às sanções >> >> legais. Caso esta comunicação tenha sido recebida por engano, favor nos >> >> avisar imediatamente, respondendo esta mensagem. The information >> >> contained >> >> in this message is CONFIDENTIAL. If the reader of this transmittal is >> >> not >> >> the intended recipient or an agent responsible for delivering it, you >> >> are >> >> hereby notified that you have received this communication in error, and >> >> that >> >> any dissemination, distribution, retention or copy of this >> >> communication is >> >> strictly prohibited. In this case, please immediately reply this >> >> message to >> >> the sender. >> >> >> >> Antes de imprimir pense em seu compromisso com o Meio Ambiente. >> >> >> >> -- >> >> >> >> --- >> >> You received this message because you are subscribed to the Google >> >> Groups >> >> "ossec-list" group. >> >> To unsubscribe from this group and stop receiving emails from it, send >> >> an >> >> email to [email protected]. >> >> For more options, visit https://groups.google.com/d/optout. >> >> >> >> -- >> >> >> >> --- >> >> You received this message because you are subscribed to the Google >> >> Groups >> >> "ossec-list" group. >> >> To unsubscribe from this group and stop receiving emails from it, send >> >> an >> >> email to [email protected]. >> >> For more options, visit https://groups.google.com/d/optout. >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
