Not sure if this is related, but also on the same server, OSSEC is not
alerting on file deletions and new files, whether the new files are
empty or not.
--
fini
On 2015-01-24 18:24, [email protected] wrote:
I'm testing OSSEC on a FreeBSD 10.1 server and getting some errors
that I'm not sure what they indicate. And googling hasn't helped.
Like this:
<!--
ossec-analysisd(1103): ERROR: Unable to open file
'/queue/rootcheck/rootcheck'.
ossec-analysisd: Error handling rootcheck database.
ossec-rootcheck: INFO: Ending rootcheck scan.
ossec-rootcheck: DEBUG: Leaving run_rk_check
-->
And this:
<!--
ossec-monitord: INFO: (unix_domain) Maximum send buffer set to: '6400'.
ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
ossec-analysisd(1103): ERROR: Unable to open file
'/queue/rootcheck/rootcheck'.
ossec-analysisd: Error handling rootcheck database
-->
This is a local installation. Any hints?
TIA
--
fini
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
