I ran the verify agent tool, It did not return any errors
On Friday, April 15, 2016 at 8:26:47 PM UTC+3, joe.co...@wazuh.com wrote: > > Also try using verify-agent-conf. It might help with trouble shooting. > > http://ossec-docs.readthedocs.org/en/latest/programs/verify-agent-conf.html > > On Friday, April 15, 2016 at 8:08:23 AM UTC-4, Pedro S wrote: >> >> I have reproduced your configuration on my labs, rootcheck is not >> starting again. Could you re-verify that agent.conf file is right on your >> agent? >> >> On Thursday, April 14, 2016 at 2:38:47 PM UTC+2, eyal gershon wrote: >>> >>> 2016/04/14 06:03:17 ossec-rootcheck: INFO: Started (pid: 30101). >>> 2016/04/14 06:06:05 ossec-rootcheck: INFO: Starting rootcheck scan. >>> 2016/04/14 06:06:05 ossec-rootcheck: No rootcheck_files file configured. >>> 2016/04/14 06:06:05 ossec-rootcheck: No rootcheck_trojans file >>> configured. >>> 2016/04/14 06:17:38 ossec-rootcheck: INFO: Ending rootcheck scan. >>> >>> The start of the scan is right after the restart of the ossed-hids >>> restart from the original post >>> >>> On Thursday, April 14, 2016 at 2:57:36 PM UTC+3, dan (ddpbsd) wrote: >>>> >>>> On Thu, Apr 14, 2016 at 6:27 AM, eyal gershon <gersh...@gmail.com> >>>> wrote: >>>> > Hey, >>>> > >>>> > I tried to disabled the rootcheck on one of the servers. >>>> > I have added the following line to the agent.conf file - >>>> > >>>> > <rootcheck> >>>> > <disabled>yes</disabled> >>>> > </rootcheck> >>>> > >>>> > and after I am restarting the service I get the following output - >>>> > Starting ossec-hids: 2016/04/14 06:16:27 ossec-rootcheck: Rootcheck >>>> > disabled. Exiting. >>>> > ossec-syscheckd: WARN: Rootcheck module disabled. >>>> > >>>> > and a few min later I see in the logs that the rootcheck is running >>>> again. >>>> > any one have an idea why did I miss? >>>> > >>>> >>>> Which log messages are you seeing specifically? >>>> >>>> > -- >>>> > >>>> > --- >>>> > You received this message because you are subscribed to the Google >>>> Groups >>>> > "ossec-list" group. >>>> > To unsubscribe from this group and stop receiving emails from it, >>>> send an >>>> > email to ossec-list+...@googlegroups.com. >>>> > For more options, visit https://groups.google.com/d/optout. >>>> >>> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.