@dan - is there problems if Mr. @Gardner deactivate "ossec-monitord, ossec-logcollector, ossec-analysisd and ossec-execd" in ossec-control startup script ? maybe he asking for that. i did try this in the past but i remember that ossec-syscheckd log showed "queue not accessible erro", i guess =]
On Thu, Mar 2, 2017 at 4:44 PM, dan (ddp) <[email protected]> wrote: > On Thu, Mar 2, 2017 at 2:33 PM, Sam Gardner <[email protected]> wrote: > > Hi All - > > > > I'd like to run only the syscheck subsystem in order to provide FIM. > > > > I don't see anything in the docs that immediately appears to do what I > want > > - is there any way to run syscheckd in "standalone" mode or only > alongside > > analysisd? > > > > Remove the localfile configurations. Disable active response. Disable > rootcheck (if that's not something you want). > > > Thanks, > > Sam Gardner > > > > -- > > > > --- > > You received this message because you are subscribed to the Google Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- Noilson Caio Teixeira de Araújo https://ncaio.wordpress.com https://br.linkedin.com/in/ncaio https://twitter.com/noilsoncaio https://jammer4.wordpress.com/ http://8bit.academy -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
