This is the problem: when syscheck ends (maybe 20 min in pre-scan), it finally just shows ending syscheck. I will try to reinstall again.

On Friday, September 12, 2014 15:44:59 UTC-4, dan (ddpbsd) wrote:
>
> On Fri, Sep 12, 2014 at 3:31 PM, cracksub <[email protected]> wrote:
> > Yes, when ossec is starting that appears in ossec.log. In addition to
> > that, nothing happens when I try to test the realtime feature.
> >
> > On Friday, September 12, 2014 15:25:15 UTC-4, dan (ddpbsd) wrote:
> >>
> >> On Fri, Sep 12, 2014 at 3:23 PM, diego subero <[email protected]> wrote:
> >> > Hi everybody,
> >> >
> >> > Recently I installed ossec 2.8.1, but I have a problem with the
> >> > real-time check.
> >> >
> >> > I have this on my server:
> >> >
> >> > - Debian 7.3
> >> > - inotify-tools
> >> >
> >> > Processes running:
> >> >
> >> > ossec-monitord is running...
> >> > ossec-logcollector is running...
> >> > ossec-syscheckd is running...
> >> > ossec-analysisd is running...
> >> > ossec-maild is running...
> >> > ossec-execd is running...
> >> >
> >> > In my ossec.conf I put this:
> >> >
> >> > ---
> >> > <alert_new_files>yes</alert_new_files>
> >> > <directories realtime="yes" report_changes="yes" check_all="yes">/var$
> >> > ---
> >> >
> >> > But when I start ossec, this appears in ossec.log:
> >> >
> >> > 2014/09/10 23:13:50 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
>
> I don't think this message is an error, I think it's just
> informational. I haven't messed with realtime in a while, but I
> thought there was a message about it starting at some point after this
> message.
>
> From an extremely quick Google search, it looks like this message
> follows the "Ending syscheck scan..." log message for some people:
>
> ossec-syscheckd: INFO: Starting real time file monitoring.
>
> >> > 2014/09/10 23:19:27 ossec-syscheckd: INFO: Initializing real time file monitoring (not started).
> >> >
> >>
> >> Does it produce an error or something that makes you think it never
> >> starts?
> >>
> >> > I'm looking for information but nothing is working. Does somebody
> >> > have the same issue?
> >> >
> >> > Thanks a lot.
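
The log sequence discussed in this thread can be checked mechanically. The following is an added example, not code from any poster or from the OSSEC project: it classifies the latest syscheckd run from ossec.log lines using only the message fragments quoted above, and assumes that a new "pre-scan" line marks a daemon restart.

```python
import re
from datetime import datetime

# Message fragments exactly as quoted in the thread, matched as substrings.
MARKERS = {
    "prescan": "Starting syscheck database (pre-scan)",
    "rt_init": "Initializing real time file monitoring (not started)",
    "scan_end": "Ending syscheck scan",
    "rt_start": "Starting real time file monitoring",
}
LINE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) ossec-syscheckd: INFO: (.*)$")


def realtime_status(lines):
    """Classify the latest syscheckd run; return (state, first-seen times)."""
    seen = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # other daemons, other severities, malformed lines
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        for key, text in MARKERS.items():
            if text in m.group(2):
                if key == "prescan":
                    seen = {}  # assumption: a new pre-scan marks a restart
                seen.setdefault(key, ts)
                break
    if "rt_start" in seen:
        state = "realtime-active"
    elif "rt_init" not in seen:
        state = "no-realtime-messages"
    elif "scan_end" in seen:
        state = "scan-ended-realtime-not-started"  # the case reported above
    else:
        state = "initial-scan-still-running"
    return state, seen


# Sample input: the first two lines are the ones posted in the thread; the
# last two are constructed (timestamps invented) from the quoted messages.
SAMPLE = [
    "2014/09/10 23:13:50 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).",
    "2014/09/10 23:19:27 ossec-syscheckd: INFO: Initializing real time file monitoring (not started).",
    "2014/09/10 23:39:27 ossec-syscheckd: INFO: Ending syscheck scan...",
    "2014/09/10 23:39:30 ossec-syscheckd: INFO: Starting real time file monitoring.",
]

if __name__ == "__main__":
    state, seen = realtime_status(SAMPLE)
    print(state, {k: v.isoformat() for k, v in seen.items()})
```

Feeding it the lines of a live ossec.log shows whether realtime file integrity monitoring is actually running or whether the host is still covered only by periodic scans.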
