hi all! Issue 1.

I have the same problem after following this tutorial:
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-ossec-security-notifications-on-ubuntu-14-04

ossec.conf:

  <directories report_changes="yes" realtime="yes" check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
  <directories report_changes="yes" realtime="yes" check_all="yes">/bin,/sbin</directories>
  <directories report_changes="yes" realtime="yes" restrict=".php|.js|.py|.sh|.html" check_all="yes">/home/freeman,/var/www</directories>

Override of rule_id 554 in /rules/local_rules.xml:

  <rule id="554" level="7" overwrite="yes">
    <category>ossec</category>
    <decoded_as>syscheck_new_entry</decoded_as>
    <description>File added to the system.</description>
    <group>syscheck,</group>
  </rule>

ossec.log:

  2016/09/07 14:50:52 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
  2016/09/07 14:50:52 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
  2016/09/07 14:50:52 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
  2016/09/07 14:50:52 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
  2016/09/07 14:50:52 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
  2016/09/07 14:50:52 ossec-syscheckd: INFO: Monitoring directory: '/home/freeeman'.
  2016/09/07 14:50:52 ossec-syscheckd: INFO: Monitoring directory: '/var/www'.
  2016/09/07 14:50:52 ossec-syscheckd: INFO: Directory set for real time monitoring: '/etc'.
  2016/09/07 14:50:52 ossec-syscheckd: INFO: Directory set for real time monitoring: '/usr/bin'.
  2016/09/07 14:50:52 ossec-syscheckd: INFO: Directory set for real time monitoring: '/usr/sbin'.
  2016/09/07 14:50:52 ossec-syscheckd: INFO: Directory set for real time monitoring: '/bin'.
  2016/09/07 14:50:52 ossec-syscheckd: INFO: Directory set for real time monitoring: '/sbin'.
  2016/09/07 14:50:52 ossec-syscheckd: INFO: Directory set for real time monitoring: '/home/freeman'.
  2016/09/07 14:50:52 ossec-syscheckd: INFO: Directory set for real time monitoring: '/var/www'.
  2016/09/07 14:50:54 ossec-logcollector(1950): INFO: Analyzing file: '/etc/apache2/apache2.conf'.
  2016/09/07 14:50:54 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/auth.log'.
  2016/09/07 14:50:54 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/syslog'.
  2016/09/07 14:50:54 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/dpkg.log'.
  2016/09/07 14:50:54 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/apache2/error.log'.
  2016/09/07 14:50:54 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/apache2/access.log'.
  2016/09/07 14:50:54 ossec-logcollector: INFO: Monitoring output of command(360): df -h
  2016/09/07 14:50:54 ossec-logcollector: INFO: Monitoring full output of command(360): netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort
  2016/09/07 14:50:54 ossec-logcollector: INFO: Monitoring full output of command(360): last -n 5
  2016/09/07 14:50:54 ossec-logcollector: INFO: Started (pid: 29259).
  2016/09/07 14:51:19 ossec-dbd: INFO: Started (pid: 29242).
  2016/09/07 14:51:54 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
  2016/09/07 14:51:54 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
  2016/09/07 14:51:54 ossec-syscheckd: INFO: Initializing real time file monitoring (not started).

-----

Issue 2

I did not receive an email alert when Rule Ids 5501, 5502, 5503 and 31106
<http://www.ossec.net/doc/search.html?q=rule-id-31106> appeared. I have
defined <localfile> in ossec.conf; it shows up in the WebUI but does not
send an email alert.

  <localfile>
    <log_format>apache</log_format>
    <location>/etc/apache2/apache2.conf</location>
  </localfile>

<https://lh3.googleusercontent.com/-Hj6iBa_68_U/V8_KrncDPpI/AAAAAAAABVs/IsFyYLeFPxAq7JIRd4UB59XjSBiHLPv0gCLcB/s1600/Selection_046.png>
<https://lh3.googleusercontent.com/-TQ6qChuT0uQ/V8_K0V8wo8I/AAAAAAAABVw/03PweBvRnYo2rrY0WqJmPBjJGArv9kwiQCLcB/s1600/Selection_045.png>

Thanks and Regards,

On Friday, 29 May 2015 19:47:24 UTC+7, [email protected] wrote:
>
> Hi
>
> I installed OSSEC in a Ubuntu 14.04 box but realtime monitoring is not
> working for me.
>
> "In the logs i get this: 2015/05/29 14:00:40 ossec-syscheckd: INFO:
> Initializing real time file monitoring (not started)." and it's like this
> for the last 40 minutes.
>
> If i modify, add or delete a file i don't get any notification.
>
> I followed this tutorial
> https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-ossec-security-notifications-on-ubuntu-14-04
>
> in case it helps.
