On Apr 9, 2015 6:06 AM, "Ricardo Perre" <[email protected]> wrote:
>
> Hi,
>
> I've removed all syscheck configs from agent.conf (also from ossec-agent.conf).
> My conf looks like this:
>
> <agent_config os="Linux">
>   <!-- Files to monitor (localfiles) -->
>   <localfile>
>     <log_format>syslog</log_format>
>     <location>/var/log/messages</location>
>   </localfile>
>
>   <localfile>
>     <log_format>syslog</log_format>
>     <location>/var/log/secure</location>
>   </localfile>
>
>   <localfile>
>     <log_format>syslog</log_format>
>     <location>/var/log/maillog</location>
>   </localfile>
>
>   <localfile>
>     <log_format>apache</log_format>
>     <location>/var/log/httpd/error_log</location>
>   </localfile>
>
>   <localfile>
>     <log_format>apache</log_format>
>     <location>/var/log/httpd/access_log</location>
>   </localfile>
>
>   <localfile>
>     <log_format>syslog</log_format>
>     <location>/var/ossec/logs/active-responses.log</location>
>   </localfile>
>
> </agent_config>
>
> When I start the agent I get:
> ossec-syscheckd: WARN: Syscheck disabled.
> (...)
> ossec-syscheckd: INFO: Started (pid: 24096).
> ossec-rootcheck: INFO: Started (pid: 24096).
>
> So, it says syscheck is disabled, but it starts anyway.
>
> My goal is to disable it.
>
> Any ideas?
> Thank you for your time.
>
Remove it from the ossec-control script.

> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
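
One way to apply the reply above, as an added example that is not part of the thread and not OSSEC's own code: a hypothetical helper, `remove_daemon`, that strips `ossec-syscheckd` from the daemon lists of an ossec-control script and keeps a backup. It assumes the script names its daemons in `DAEMONS="..."` and `SDAEMONS="..."` assignments, and it runs here against a constructed sample file rather than a real installation.

```shell
#!/bin/sh
# Added example. Assumption: ossec-control names its daemons in
# DAEMONS="..." and SDAEMONS="..." assignments; check your own copy.

# remove_daemon FILE DAEMON  (hypothetical helper)
# Returns 0 if DAEMON was removed, 1 if it was not listed, 2 on error.
remove_daemon() {
    file=$1
    daemon=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Nothing to do if the name is absent from the list assignments.
    grep -q "^[[:space:]]*S\{0,1\}DAEMONS=.*[\" ]${daemon}[\" ]" "$file" || return 1

    # Keep a copy so the change can be reverted.
    cp -p "$file" "$file.bak" || return 2

    # Edit only the list assignments; other mentions of the name stay.
    sed "/^[[:space:]]*S\{0,1\}DAEMONS=/ {
        s/ ${daemon}\([ \"]\)/\1/g
        s/\"${daemon} */\"/
    }" "$file.bak" > "$file" || return 2
}

# Constructed sample standing in for ossec-control (not the real script).
sample=$(mktemp)
cat > "$sample" <<'EOF'
DAEMONS="ossec-logcollector ossec-syscheckd ossec-agentd ossec-execd"
start() {
    SDAEMONS="ossec-execd ossec-agentd ossec-logcollector ossec-syscheckd"
    echo "Started ossec-syscheckd..."
}
EOF
# Show exactly which lines changed.
remove_daemon "$sample" ossec-syscheckd && diff "$sample.bak" "$sample"
rm -f "$sample" "$sample.bak"
```

Review the diff before pointing the helper at the real script (typically /var/ossec/bin/ossec-control), then restart the agent with `ossec-control restart`.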
