Can you see other alerts coming from your agent on the WUI? Try to grep your agent name in /var/ossec/logs/alerts/alerts.log.
Remember to Add your web server user (apache, www or nobody) to the ossec group. On Thu, Nov 17, 2016 at 10:55 AM, Arthur Hidalgo <[email protected]> wrote: > yes, OSSEC WUI. > > The agent is connected. So, if I go on the VM, the agent would have to > detect on intrusion of me. > > Le jeudi 17 novembre 2016 08:05:15 UTC+1, Arthur Hidalgo a écrit : >> >> Hi! >> >> I have installed OSSEC agents on RedHat VM.But I have not see the >> intrusion alerts on the Web. On RedHat VM, the intrusion logs are in the >> file :"../var/log/secure"". >> This is the config on "ossec.conf": >> <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories> >> <directories check_all="yes">/bin,/sbin</directories> >> . >> . >> . >> <localfile> >> <log_format>syslog</log_format> >> <location>/var/log/secure</location> >> </localfile> >> >> Regards, >> >> Arthur. >> >> -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
