Re: [ossec-list] Agent Duplicate Folders Message

2016-10-14 Thread Kernel Panic
The server I'm using for testing went down, as soon as I get it back I'm gonna review it. Thank you very much for your help, relly appreciated Regards El viernes, 14 de octubre de 2016, 10:26:53 (UTC-3), dan (ddpbsd) escribió: > > On Fri, Oct 14, 2016 at 8:55 AM, Kernel Panic

Re: [ossec-list] Agent Duplicate Folders Message

2016-10-14 Thread dan (ddp)
On Fri, Oct 14, 2016 at 8:55 AM, Kernel Panic wrote: > Taking a look in /var/ossec/logs/alerts I can see there are lots of things > registered, no related to the files I modified, but related to ssh login > failures, sudo stuff and the like but never get an e-mail with

Re: [ossec-list] Agent Duplicate Folders Message

2016-10-14 Thread Kernel Panic
Taking a look in /var/ossec/logs/alerts I can see there are lots of things registered, no related to the files I modified, but related to ssh login failures, sudo stuff and the like but never get an e-mail with that report. Thank you very much for your time and support Regards El jueves, 13

Re: [ossec-list] Agent Duplicate Folders Message

2016-10-14 Thread Kernel Panic
Hi there. I'm still getting one alert e-mail type 2 eventhough I modified/created some files under /etc am I missing something else in the configuration? This is the server coniguration. yes m...@company.com localhost oss...@server.com 100 yes 4096

Re: [ossec-list] Agent Duplicate Folders Message

2016-10-13 Thread Kernel Panic
Thank you! El jueves, 13 de octubre de 2016, 14:47:25 (UTC-3), dan (ddpbsd) escribió: > > On Thu, Oct 13, 2016 at 1:09 PM, Kernel Panic > wrote: > > Hi > > Does this still apply? > > I have this option enabled: yes along > > with the realtime=yes. > > > > From

Re: [ossec-list] Agent Duplicate Folders Message

2016-10-13 Thread dan (ddp)
On Thu, Oct 13, 2016 at 1:09 PM, Kernel Panic wrote: > Hi > Does this still apply? > I have this option enabled: yes along > with the realtime=yes. > > From another post on the list: >>In the past new files were not alerted in real time. I'm not sure if >>this has

Re: [ossec-list] Agent Duplicate Folders Message

2016-10-13 Thread Kernel Panic
Hi Does this still apply? I have this option enabled: yes along with the realtime=yes. >From another post on the list: >In the past new files were not alerted in real time. I'm not sure if >this has changed. Any of the developers know? Another question , by reading this

Re: [ossec-list] Agent Duplicate Folders Message

2016-10-13 Thread Kernel Panic
Thank you very much for your clarification, now it's much more clear to me!!! Regards El jueves, 13 de octubre de 2016, 10:32:16 (UTC-3), dan (ddpbsd) escribió: > > On Thu, Oct 13, 2016 at 9:21 AM, Kernel Panic > wrote: > > > > Hi > > Let's see, shouldn't I have to

Re: [ossec-list] Agent Duplicate Folders Message

2016-10-13 Thread dan (ddp)
On Thu, Oct 13, 2016 at 9:21 AM, Kernel Panic wrote: > > Hi > Let's see, shouldn't I have to configure on each tag to which directory I > want to apply it? as in check_all , directories, realtime and which > directories, or are they global parameters? that's why I

Re: [ossec-list] Agent Duplicate Folders Message

2016-10-13 Thread Kernel Panic
Hi Let's see, shouldn't I have to configure on each tag to which directory I want to apply it? as in check_all , directories, realtime and which directories, or are they global parameters? that's why I included home and root on both of them. /root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin

Re: [ossec-list] Agent Duplicate Folders Message

2016-10-13 Thread Kernel Panic
Hi Is this much better now? is realtime a global option ( realtime to all ) or do I have to tell on which directories I want the realtime monitoring? /root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin /root,/home,/etc /root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin Thank you very much

Re: [ossec-list] Agent Duplicate Folders Message

2016-10-13 Thread Kernel Panic
Hi Ok, so , are those global variables ? I thought I had to specify for every tag to which directory I wan it to apply that configuration, that's why I included root and home on both, realtime and check_all. /root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin /root,/home,/etc So, do I have to

Re: [ossec-list] Agent Duplicate Folders Message

2016-10-12 Thread dan (ddp)
On Oct 12, 2016 4:49 PM, "Kernel Panic" wrote: > > Hi there guys, > > When starting the agent I've get this info: > > Starting ossec-hids: 2016/10/12 15:43:05 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800 > 2016/10/12 15:43:05

[ossec-list] Agent Duplicate Folders Message

2016-10-12 Thread Kernel Panic
Hi there guys, When starting the agent I've get this info: *Starting ossec-hids: 2016/10/12 15:43:05 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800* 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory given: '/root'. 2016/10/12 15:43:05