On Mon, Jun 15, 2020 at 3:09 PM Scott Wozny <sawo...@gmail.com> wrote:
>
> I'm trying to get off the Atomic repo for a variety of reasons, so I just did 
> a 3.6.0 agent install from the tarball's script on a CentOS 7 minimal machine 
> to test the process and compatibility with my build tweaks.  One of the 
> issues I had with the Atomic repo 3.3.0 package install was /var/ossec/logs 
> was of SELinux fcontext var_t rather than var_log_t which made those files 
> inaccessible on an enforcing machine to logrotate_t.  An easy fix, but I 
> never got around to doing it.  Now I see there is no ossec-hids script in 
> /etc/logrotate.d.  Is this intentional (as in, I need to roll my own) or 
> could something have gone wrong during the install?  I didn't see anything in 
> /var/log/messages or journalctl and /var/ossec/logs/ossec.log (the only file 
> in that directory) is empty.  Is there anywhere that install results are 
> logged or am I just expected to go through the output after ./install.sh?
>
> Any assistance or suggestions would be appreciated.
>

We don't include a log rotate script.
We don't log anything in the install.sh (I usually tee it to a file
when I'm curious).
If ossec.log is empty, OSSEC probably isn't running. Or maybe an SELinux issue?

> Thanks,
>
> Scott
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups 
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ossec-list/63ff1d8d-3877-48b4-b3c1-d558b4427219o%40googlegroups.com.
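
The SELinux labelling problem raised in this thread (log files typed `var_t` instead of `var_log_t`) can be checked with the sketch below. It is an example added here, not code from OSSEC or from either poster. The sample contexts are constructed, the function names are hypothetical, and the script only prints the `semanage`/`restorecon` commands without running them.

```shell
#!/bin/sh
# Added example: report paths whose SELinux type is not var_log_t and
# print the relabel commands. Nothing on the system is modified.
WANT_TYPE="var_log_t"

# Extract the type field from a context string (user:role:type:level).
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read "<context> <path>" lines on stdin; print each path whose type
# differs from WANT_TYPE.
mislabeled() {
    while read -r ctx path; do
        [ -n "$path" ] || continue
        [ "$(selinux_type "$ctx")" = "$WANT_TYPE" ] || printf '%s\n' "$path"
    done
}

# Print (do not run) the commands that make the new label persistent.
fix_commands() {
    printf "semanage fcontext -a -t %s '%s(/.*)?'\n" "$WANT_TYPE" "$1"
    printf 'restorecon -Rv %s\n' "$1"
}

# Constructed sample input in the format produced by: stat -c '%C %n'
SAMPLE='system_u:object_r:var_t:s0 /var/ossec/logs
system_u:object_r:var_t:s0 /var/ossec/logs/ossec.log
system_u:object_r:var_log_t:s0 /var/log/messages'

# On a live host, feed mislabeled() from this instead of the sample:
#   find /var/ossec/logs -exec stat -c '%C %n' {} +
if [ -n "$(printf '%s\n' "$SAMPLE" | mislabeled)" ]; then
    printf '%s\n' "$SAMPLE" | mislabeled
    fix_commands /var/ossec/logs
fi
```
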
