.(agent_name) agent_ip->syscheck.cpt

If I remember it correctly this is a hidden file that OSSEC uses to identify when the syscheck database, when it has finished writing into the syscheck file.

"cpt" file extension stands for completed, meaning that syscheck scan has finished. This is off the top of my head, so I might be wrong (although I don't think by far).

On Thu, Feb 25, 2016 at 11:18 AM, dan (ddp) <[email protected]> wrote:
> On Thu, Feb 25, 2016 at 6:28 AM, Joao T. <[email protected]> wrote:
> > Hi team,
> >
> > Agents are named like '(agent_name) agent_ip->syscheck', right?
> >
> > Sometimes I meet with a file with these files in my syscheck folder:
> >
> >> (agent_name) agent_ip->syscheck-registry
>
> This is for the registry checks. Sometimes ossec makes it for
> non-windows systems. I don't know why.
>
> >> .(agent_name) agent_ip->syscheck.cpt
> >
>
> Not sure what this is off hand.
>
> >
> > What are they exactly? Are they just internal temporary files? Should I
> > ignore them?
> >
> > And could someone confirm what name should have the syscheck database for
> > the server (or manager)?
> >
> > Mine is called "syscheck" (/var/ossec/queue/syscheck/syscheck).
> >
> > Thanks team!
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to [email protected].
> > For more options, visit https://groups.google.com/d/optout.
