hi guys, i encountered very urgent issue, any idea to solve it when i run system check on ossec agent after certain period:
error comes out: 2017/10/31 14:00:02 ossec-logcollector: INFO: Started (pid: 125256). 2017/10/31 14:00:32 ossec-syscheckd: INFO: Syscheck scan frequency: 7200 seconds 2017/10/31 14:01:02 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database). 2017/10/31 14:01:02 ossec-syscheckd: INFO: Starting syscheck database (pre-scan). 2017/10/31 14:01:02 ossec-syscheckd: INFO: Initializing real time file monitoring engine. 2017/10/31 14:02:12 ossec-logcollector: INFO: (1904): File not available, ignoring it: '/var/log/httpd/error_log'. 2017/10/31 14:02:12 ossec-logcollector: INFO: (1904): File not available, ignoring it: '/var/log/httpd/access_log'. 2017/10/31 14:02:12 ossec-logcollector: INFO: (1904): File not available, ignoring it: '/var/log/messages'. 2017/10/31 14:02:12 ossec-logcollector: INFO: (1904): File not available, ignoring it: '/var/log/secure'. 2017/10/31 14:02:12 ossec-logcollector: INFO: (1904): File not available, ignoring it: '/var/log/maillog'. 2017/10/31 14:17:59 ossec-agentd: INFO: Event count after '20000': 15348403->7890680 (51%) ^[[A2017/10/31 14:36:32 ossec-agentd: INFO: Event count after '20000': 15069192->7882200 (52%) 2017/10/31 14:53:14 ossec-agentd: INFO: Event count after '20000': 15773471->8163976 (51%) 2017/10/31 15:10:33 ossec-agentd: INFO: Event count after '20000': 15587516->8092856 (51%) 2017/10/31 15:28:04 ossec-agentd: INFO: Event count after '20000': 15509392->8065232 (52%) 2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real time monitoring: '/var/lib/docker/overlay2/ossec_code_link_class/codelink/49/.git/logs/refs/remotes/origin/qianz'. -1 28 2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real time monitoring: '/var/lib/docker/overlay2/ossec_code_link_class/codelink/49/.git/logs/refs/remotes/origin/qianz/feature'. -1 28 2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real time monitoring: '/var/lib/docker/overlay2/ossec_code_link_class/codelink/49/.git/logs/refs/remotes/origin/qianz/bugfix'. -1 28 2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real time monitoring: '/var/lib/docker/overlay2/ossec_code_link_class/codelink/49/.git/logs/refs/remotes/origin/anthony'. -1 28 2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real time monitoring: '/var/lib/docker/overlay2/ossec_code_link_class/codelink/49/.git/logs/refs/remotes/origin/anthony/feature'. -1 28 2017/10/31 15:31:54 ossec-syscheckd: ERROR: Unable to add directory to real time monitoring: '/var/lib/docker/overlay2/oss did i run out of ossec space, any idea about this error, how do i check the system check space and how to fix this bug? thank you so much -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
