
List:       ossec-list
Subject:    [ossec-list] RE : [ossec-list] Re: No alerts with Syscheck ?
From:       "Fred" <sfred92 () free ! fr>
Date:       2006-12-21 14:16:40
Message-ID: 000401c7250a$a7913300$2186940a () FULCRUM


Hello Daniel,
Hello everybody,

Very sorry for the delay too, but I've been very busy these last weeks. And
thank you for your reply.

So, to answer your questions:

	- OSSEC version is currently. I'm going to upgrade to 0.9-3 today.
	- OS machines on which OSSEC is installed: AIX 5.2, Linux Red Hat
Enterprise 3, Linux RHE 4
	- directory "/var/ossec/queue/syscheck/" on server is empty !

On one OSSEC Agent, I set the following parameters for one month:

	- syscheck.debug=2
	- agent.debug=1

And there is absolutely nothing in the logs regarding syscheck or agent
failures...??

Well, I'm going to upgrade all agents and server, and keep you posted.
Meanwhile, if someone had an idea, that would be cool !!

Other thing that can help: there are 14 agents installed, and none of these
14 agents report something on syscheck. So, 2 solutions:

	- either the problem comes from the OSSEC Server
	- or the problem comes from the OSSEC Agents, because I repeat the same error on
the 14 installations. But which error then?

Thanks very much.

Fred


-----Original Message-----
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
Behalf Of Daniel Cid
Sent: Friday, November 10, 2006 3:01 AM
To: ossec-list@googlegroups.com
Cc: ossec-list@ossec.net
Subject: [ossec-list] Re: No alerts with Syscheck ?


Hi Fred,

Sorry for the delay replying to you. Are these agents on Windows or Linux? If
you look at the server, there should be one file for each agent in the
/var/ossec/queue/syscheck/ directory. Do you see anything in there?
Btw, we fixed many bugs in the latest version, so upgrading to 0.9-3 may help.

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 11/3/06, Fred <sfred92@free.fr> wrote:
>
>
> Hi everybody,
>
> I have 14 OSSEC Agents, version 0.9.2. On each of them Syscheck is "heavily"
> configured (checking "all" on many directories). But no alerts yet, after
> several weeks.
>
> So, I would like to know how to check what's wrong:
>
>     - I put syscheck debugging to 1 for some agents
>     - where should the checksum database be stored (agent, server, which file)?
> If the database doesn't exist, what could be the problem?
>     - .....?
>
> In Agents and Server logs, I don't have any errors, and other alerts are ok.
>
> Thanks very much.
>
> Fred
>
>

