On Fri, Sep 12, 2014 at 3:31 PM, cracksub <[email protected]> wrote: > Yes, when is starting ossec appear that in ossec.log, In addition to that > nothing happen when i try ti test the realtime feature. > > El viernes, 12 de septiembre de 2014 15:25:15 UTC-4, dan (ddpbsd) escribió: >> >> On Fri, Sep 12, 2014 at 3:23 PM, diego subero <[email protected]> wrote: >> > Hi everybody, >> > >> > >> > Recently im installed ossec 2.8.1, but i have a problem with a real-time >> > check, >> > >> > i have in my server this: >> > >> > - Debian 7.3 >> > - inotify-tools >> > >> > process running: >> > >> > ossec-monitord is running... >> > ossec-logcollector is running... >> > ossec-syscheckd is running... >> > ossec-analysisd is running... >> > ossec-maild is running... >> > ossec-execd is running... >> > >> > >> > in my ossec.conf put that: >> > >> > --- >> > <alert_new_files>yes</alert_new_files> >> > <directories realtime="yes" report_changes="yes" >> > check_all="yes">/var$ >> > --- >> > >> > But when i starting ossec in the ossec.log appear that: >> > >> > 2014/09/10 23:13:50 ossec-syscheckd: INFO: Starting syscheck database >> > (pre-scan).
I don't think this message is an error, I think it's just informational. I haven't messed with realtime in a while, but I thought there was a message about it starting at some point after this message. >From an extremely quick google search, it looks like this message follows the "Ending syscheck scan..." log message for some people: ossec-syscheckd: INFO: Starting real time file monitoring. >> > 2014/09/10 23:19:27 ossec-syscheckd: INFO: Initializing real time file >> > monitoring (not started). >> > >> >> Does it produce an error or something that makes you think it never >> starts? >> >> > im looking information but nothing working, somebody have the same >> > issue? >> > >> > thanks a lot. >> > >> > >> > -- >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
