Dear Dan,
              Is it fine to monitor every file from / onwards? Thank
you.


On Wed, Sep 11, 2013 at 9:34 PM, dan (ddp) <[email protected]> wrote:

> On Tue, Sep 10, 2013 at 10:13 PM, frwa onto <[email protected]> wrote:
> > Dear Dan,
> >               Hopefully it's following the standard file. So can I say that
> > OSSEC is not similar to AIDE, as the latter does monitoring on all files in
> > the system, that is why initially it builds the checksum database, right?
> > Thank you.
> >
>
> Look at the ossec.conf and decide for yourself.
>
> >
> > On Wed, Sep 11, 2013 at 2:59 AM, dan (ddp) <[email protected]> wrote:
> >>
> >> On Tue, Sep 10, 2013 at 2:54 PM, frwa onto <[email protected]> wrote:
> >> > Dear Dan,
> >> >                OK, I think you are referring to this, right?
> >> >
> >> > <!-- Files to monitor (localfiles) --> . So in my scenario, which .conf
> >> > should I look into, ossec.conf or ossec-server.conf?
> >> >
> >>
> >> The official file is ossec.conf. If the RPM does something silly with
> >> that, I wouldn't know. I continue to know nothing about the RPM.
> >>
> >> >
> >> > On Wed, Sep 11, 2013 at 2:40 AM, dan (ddp) <[email protected]> wrote:
> >> >>
> >> >> On Tue, Sep 10, 2013 at 2:34 PM, frwa onto <[email protected]> wrote:
> >> >> > Dear Dan,
> >> >> >               My question is why the entry list of
> >> >> > /var/ossec/queue/syscheck/syscheck is so little. I am sure the total
> >> >> > files I have in my system is more than this list, am I right?
> >> >> >
> >> >>
> >> >> I don't know. Check the directories you have configured in the
> >> >> ossec.conf (<directories> entries in the <syscheck> section). Those
> >> >> are the directories containing the files listed in that db file. If
> >> >> you want something monitored, the directory must be defined in the
> >> >> ossec.conf.
> >> >>
> >> >> --
> >> >>
> >> >> ---
> >> >> You received this message because you are subscribed to a topic in the
> >> >> Google Groups "ossec-list" group.
> >> >> To unsubscribe from this topic, visit
> >> >> https://groups.google.com/d/topic/ossec-list/n0-gBzCdh3M/unsubscribe.
> >> >> To unsubscribe from this group and all its topics, send an email to
> >> >> [email protected].
> >> >> For more options, visit https://groups.google.com/groups/opt_out.
> >>
> >
> >
>
>

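The check Dan describes (which paths fall under the `<directories>` entries of the `<syscheck>` section), as an added example that is not part of the original thread or OSSEC's own code. The sample configuration is constructed, and treating plain `<ignore>` entries as exact paths or parent directories is a simplifying assumption of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the thread: a typical <syscheck> section.
SAMPLE_CONF = """
<ossec_config>
  <syscheck>
    <frequency>79200</frequency>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin</directories>
    <ignore>/etc/mtab</ignore>
    <ignore type="sregex">^/proc</ignore>
  </syscheck>
</ossec_config>
"""

def _under(path, base):
    """True if path equals base or lies below it."""
    base = base.rstrip("/") or "/"
    return path == base or path.startswith("/" if base == "/" else base + "/")

def load_syscheck(conf_text):
    """Return (monitored_dirs, plain_ignores) from ossec.conf text."""
    # Wrap in a synthetic root: ossec.conf may hold several <ossec_config> blocks.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    dirs, ignores = [], []
    for sc in root.iter("syscheck"):
        for d in sc.findall("directories"):
            dirs += [p.strip() for p in (d.text or "").split(",") if p.strip()]
        for ig in sc.findall("ignore"):
            # Regex ignores (type="sregex") are skipped in this sketch.
            if ig.get("type") is None and ig.text:
                ignores.append(ig.text.strip())
    return dirs, ignores

def is_monitored(path, dirs, ignores):
    """Would syscheck record this path, going by <directories> and <ignore>?"""
    if any(_under(path, ig) for ig in ignores):
        return False
    return any(_under(path, d) for d in dirs)

if __name__ == "__main__":
    dirs, ignores = load_syscheck(SAMPLE_CONF)
    print("monitored directories:", dirs)
    for p in ("/etc/passwd", "/etc/mtab", "/home/user/.bashrc", "/usr/binx/tool"):
        print(p, "->", "monitored" if is_monitored(p, dirs, ignores) else "NOT monitored")
```

Running it against the real `ossec.conf` text instead of the sample shows why the syscheck database can list far fewer files than exist on the system: anything outside the configured directories never enters it.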