On Tue, Sep 10, 2013 at 10:13 PM, frwa onto <[email protected]> wrote:
> Dear Dan,
> Hopefully it's following the standard file. So can I say that
> OSSEC is not similar to AIDE as the latter does monitoring on all files in
> the system that is why initially it builds the checksum database right?
> Thank you.
>
Look at the ossec.conf and decide for yourself.

>
> On Wed, Sep 11, 2013 at 2:59 AM, dan (ddp) <[email protected]> wrote:
>>
>> On Tue, Sep 10, 2013 at 2:54 PM, frwa onto <[email protected]> wrote:
>> > Dear Dan,
>> > Ok I think you are referring to this right.
>> >
>> > <!-- Files to monitor (localfiles) --> . So in my scenario which .conf to
>> > look into the one ossec.conf or ossec-server.conf?
>> >
>>
>> The official file is ossec.conf. If the RPM does something silly with
>> that, I wouldn't know. I continue to know nothing about the RPM.
>>
>> >
>> > On Wed, Sep 11, 2013 at 2:40 AM, dan (ddp) <[email protected]> wrote:
>> >>
>> >> On Tue, Sep 10, 2013 at 2:34 PM, frwa onto <[email protected]> wrote:
>> >> > Dear Dan,
>> >> > My question is why the entry list of
>> >> > /var/ossec/queue/syscheck/syscheck is so little. I am sure the total
>> >> > files I have in my system is more than this list am I right?
>> >> >
>> >>
>> >> I don't know. Check the directories you have configured in the
>> >> ossec.conf (<directories> entries in the <syscheck> section). Those
>> >> are the directories containing the files listed in that db file. If
>> >> you want something monitored, the directory must be defined in the
>> >> ossec.conf.
>> >>
>> >> --
>> >>
>> >> ---
>> >> You received this message because you are subscribed to a topic in the
>> >> Google Groups "ossec-list" group.
>> >> To unsubscribe from this topic, visit
>> >> https://groups.google.com/d/topic/ossec-list/n0-gBzCdh3M/unsubscribe.
>> >> To unsubscribe from this group and all its topics, send an email to
>> >> [email protected].
>> >> For more options, visit https://groups.google.com/groups/opt_out.
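
The point made in the thread, that the syscheck database only lists files under the <directories> entries of the <syscheck> section in ossec.conf, can be checked with a short script. This is an added example, not part of the original thread or OSSEC's own code; the sample configuration and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath

# Constructed sample in ossec.conf syntax; not taken from the thread.
SAMPLE_CONF = """
<ossec_config>
  <syscheck>
    <frequency>7200</frequency>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin</directories>
    <ignore>/etc/mtab</ignore>
    <ignore type="sregex">^/proc</ignore>
  </syscheck>
</ossec_config>
"""

def _entries(root, tag):
    """Collect comma-separated paths from every <syscheck>/<tag> element."""
    paths = []
    for elem in root.iterfind(f".//syscheck/{tag}"):
        if elem.get("type"):  # regex ignores are skipped in this simplified check
            continue
        paths += [p.strip() for p in (elem.text or "").split(",") if p.strip()]
    return paths

def syscheck_scope(conf_text):
    """Return (monitored directories, ignored paths) from ossec.conf text."""
    # A config file may hold several <ossec_config> blocks, so wrap them
    # in a synthetic root to get one well-formed XML document.
    root = ET.fromstring(f"<root>{conf_text}</root>")
    return _entries(root, "directories"), _entries(root, "ignore")

def _under(path, parent):
    """True if path equals parent or lies somewhere beneath it."""
    path, parent = PurePosixPath(path), PurePosixPath(parent)
    return path == parent or parent in path.parents

def is_monitored(path, conf_text):
    """True if path is under a configured directory and not under an ignore."""
    dirs, ignored = syscheck_scope(conf_text)
    if any(_under(path, i) for i in ignored):
        return False
    return any(_under(path, d) for d in dirs)

if __name__ == "__main__":
    dirs, ignored = syscheck_scope(SAMPLE_CONF)
    print("monitored:", dirs, "ignored:", ignored)
    for p in ("/etc/passwd", "/etc/mtab", "/home/user/notes.txt"):
        print(p, "->", "in scope" if is_monitored(p, SAMPLE_CONF) else "NOT in scope")
```

Run against the real file by passing the contents of /var/ossec/etc/ossec.conf (the default install path, an assumption here) to syscheck_scope(); any path reported as not in scope will never appear in the syscheck database.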
