On Feb 22, 2016 6:18 AM, "Barry Kaplan" <[email protected]> wrote: > > Hmm, ok. On clients there are entries in active-response.log (eg, firewall-drop.sh). But on the server alerts.log there is no trace of those. If I understand the rules correctly they should be there. I don't see any errors in the ossec.log on client or server. > > What's the best way to debug this? Just up the log level to DEBUG? >
Ossec does not watch the ar log file by default. If you have not added a localfile config option to monitor thatthat file, add it and restart the agent processes. > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
