On Thu, Sep 11, 2014 at 11:23 AM, Macaulay Dias Souza
<[email protected]> wrote:
> Hi Dan Thanks your help.
>
> I removed <localfiles> entries in ossec.conf on client and server and
> apparently this working as expected.
>
> One more doubt, Will I remove it in all clients that I just want SysCheck
> (FIM)?
>

If you do not want the system to monitor log files, do not configure
it to monitor log files.

> Em quinta-feira, 11 de setembro de 2014 08h17min31s UTC-3, dan (ddpbsd)
> escreveu:
>>
>> On Wed, Sep 10, 2014 at 3:55 PM, Macaulay Dias Souza
>> <[email protected]> wrote:
>> > Yes Dan, I have a FIM project and OSSEC was chosen.
>> >
>>
>> I understand, just thought it was odd.
>>
>> > I will need delete the rules files?
>> >
>>
>> Nope, don't delete the rules files. When you originally did that,
>> weren't there complaints about the missing rules files in the
>> ossec.log? Remove the localfiles entries. Disable active response.
>>
>> > Em quarta-feira, 10 de setembro de 2014 16h31min31s UTC-3, kinomakino
>> > escreveu:
>> >>
>> >> bad thing ... xD
>> >>
>> >>
>> >>
>> >> Generally ossec not start when the configuration file (ossec.conf)
>> >> there
>> >> is a syntax error.
>> >>
>> >> well if you look closed brackets, / etc.
>> >>
>> >> if you do not give the matter, send the file contents to see if anyone
>> >> can
>> >> help.
>> >>
>> >>
>> >>
>> >> luck
>> >>
>> >>
>> >>
>> >> ________________________________
>> >>
>> >> De: [email protected] [mailto:[email protected]] En
>> >> nombre
>> >> de Macaulay Dias Souza
>> >> Enviado el: miércoles, 10 de septiembre de 2014 21:19
>> >> Para: [email protected]
>> >>
>> >>
>> >> Asunto: Re: [ossec-list] How use only FIM - Syscheck
>> >>
>> >>
>> >>
>> >> Hi Kinomakino,
>> >>
>> >>
>> >>
>> >> Thanks your help.  I deleted the section if rulez in my ossec.conf, but
>> >> after this I cant up OSSEC Server
>> >>
>> >> Em quarta-feira, 10 de setembro de 2014 09h35min36s UTC-3, kinomakino
>> >> escreveu:
>> >>
>> >> Yes. Only delete this sections on the ossec.conf file
>> >>
>> >> Enviado desde mi iPhone
>> >>
>> >>
>> >> El 10/09/2014, a las 13:52, "Macaulay Dias Souza"
>> >> <[email protected]> escribió:
>> >>
>> >> Hi guys,
>> >>
>> >>
>> >>
>> >> You can work with OSSEC running just to check the integrity of my files
>> >> /
>> >> folders?
>> >>
>> >>
>> >>
>> >> My costumer dont need for exemple: HIDS, Rootscan, Activity-Response.
>> >> Maybe Syslog
>> >>
>> >>
>> >>
>> >> SSBr | Strong Security Brasil | Macaulay Dias | Dpto. Técnico | Tel.
>> >> +55
>> >> 11 2897 1566 Ramal 3030 | Cel. +55 11 95351 6793 |
>> >> [email protected]
>> >>
>> >>
>> >>
>> >> As informações contidas nesta mensagem são CONFIDENCIAIS e protegidas
>> >> pelo
>> >> sigilo legal. A divulgação, distribuição ou reprodução do teor deste
>> >> documento depende de autorização do emissor. Caso V. Sa. não seja o
>> >> destinatário, preposto, ou a pessoa responsável pela entrega desta
>> >> mensagem,
>> >> fica, desde já, notificado que qualquer divulgação, distribuição ou
>> >> reprodução é estritamente proibida, sujeitando-se o infrator às sanções
>> >> legais. Caso esta comunicação tenha sido recebida por engano, favor nos
>> >> avisar imediatamente, respondendo esta mensagem. The information
>> >> contained
>> >> in this message is CONFIDENTIAL. If the reader of this transmittal is
>> >> not
>> >> the intended recipient or an agent responsible for delivering it, you
>> >> are
>> >> hereby notified that you have received this communication in error, and
>> >> that
>> >> any dissemination, distribution, retention or copy of this
>> >> communication is
>> >> strictly prohibited. In this case, please immediately reply this
>> >> message to
>> >> the sender.
>> >>
>> >> Antes de imprimir pense em seu compromisso com o Meio Ambiente.
>> >>
>> >> --
>> >>
>> >> ---
>> >> You received this message because you are subscribed to the Google
>> >> Groups
>> >> "ossec-list" group.
>> >> To unsubscribe from this group and stop receiving emails from it, send
>> >> an
>> >> email to [email protected].
>> >> For more options, visit https://groups.google.com/d/optout.
>> >>
>> >> --
>> >>
>> >> ---
>> >> You received this message because you are subscribed to the Google
>> >> Groups
>> >> "ossec-list" group.
>> >> To unsubscribe from this group and stop receiving emails from it, send
>> >> an
>> >> email to [email protected].
>> >> For more options, visit https://groups.google.com/d/optout.
>> >
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to [email protected].
>> > For more options, visit https://groups.google.com/d/optout.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to