On Wed, Aug 1, 2012 at 10:08 PM, Steve Kieu <msh.comput...@gmail.com> wrote: > Probably can not ln it as the format of teh merge.mg is different from the > normal xml config file, part of it is xml containing the config section and > other part is not. > > I am confused. What ossec is use the merged.mg file for and why it is not > picked up. >
merged.mg should get split into a number of files, one of them being the current agent.conf. Did that happen? > > > On Thu, Aug 2, 2012 at 12:05 PM, Steve Kieu <msh.comput...@gmail.com> wrote: >>>> >>>> >>>> Try blanking the merged.mg. >>> >>> >>> Looks like it does the trick. I cp /dev/null into it and then restart >>> both - after restarting the file is populated with datra again pushed from >>> the server in that section for the client name. >>> >>> Need to wait or do some testing to see if it is actually using that merge >>> file for the config as I still do not see in the log that monitor these >>> entry yet (in the merged.mg file) >>> >> >> >> So it has thing pushed to merge.mg file but it is not picked up. I >> manually run >> >> bin/agent_control -r -a >> >> in the server and wait for a while, the in the client log it says: >> >> 2012/08/02 11:58:13 ossec-rootcheck: INFO: Starting rootcheck scan. >> 2012/08/02 11:58:13 ossec-rootcheck: No rootcheck_files file configured. >> 2012/08/02 11:58:13 ossec-rootcheck: No rootcheck_trojans file configured. >> 2012/08/02 11:59:09 ossec-rootcheck: INFO: Ending rootcheck scan. >> 2012/08/02 12:04:09 ossec-rootcheck: INFO: Starting rootcheck scan. >> 2012/08/02 12:04:09 ossec-rootcheck: No rootcheck_files file configured. >> 2012/08/02 12:04:09 ossec-rootcheck: No rootcheck_trojans file configured >> >> Obviously I saw all it is configure in the merge.pg file. Do we need to >> sym link it to ossec.conf file? >> >> >> >> >> >>> >>> >>> >>> -- >>> Steve Kieu >> >> >> >> >> -- >> Steve Kieu > > > > > -- > Steve Kieu
