Hi,
I've removed all syscheck configs from agent.conf (also from
ossec-agent.conf).
My conf looks like this:
<agent_config os="Linux">
<!-- Files to monitor (localfiles) -->
<localfile>
<log_format>syslog</log_format>
<location>/var/log/messages</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/secure</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/maillog</location>
</localfile>
<localfile>
<log_format>apache</log_format>
<location>/var/log/httpd/error_log</location>
</localfile>
<localfile>
<log_format>apache</log_format>
<location>/var/log/httpd/access_log</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/ossec/logs/active-responses.log</location>
</localfile>
</agent_config>
When I start the agent I get:
ossec-syscheckd: WARN: Syscheck disabled.
(...)
ossec-syscheckd: INFO: Started (pid: 24096).
ossec-rootcheck: INFO: Started (pid: 24096).
So, it says syscheck is disabled, but it starts anyway.
My goal its to disable it.
Any ideas?
Thank you for your time.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
