Best option appears to be installing the windows agent once and then
copying the installation from that to the other machines you want to
install it on. I have run into problems with running it as a service
after doing that though. ossec-agent.exe install-service seems to
work at first glance
Yes the directory exist :
ls -ld /var/ossec/queue/alerts/ar
drwxr-xr-x 2 ossec ossec 4096 2010-05-21 15:44 /var/ossec/queue/alerts/ar
i have tried with a file :
ls -l /var/ossec/queue/alerts/ar
-rwxr-xr-x 2 ossec ossec 4096 2010-05-21 15:44 /var/ossec/queue/alerts/ar
But the result is the same
T
What was the Server to agent ratio ? And does anyone have a complied HP Unix
agent I could try. Thank You
Christian L. Kovac
Sr Network Support Analyst
Information Technology & Project Management
Metro-North Railroad
ko...@mnr.org
212-499-4642
THINK GREEN q Do you really need to print th
I think the syscheck process will kick off sometime after the time it
is supposed to (either via frequency or scan_time/day), but how
quickly after that time depends on the system load and similar factors
(kind of like cron). I'll have to setup a scan_time/scan_day to see if
it's working for me, I
installed it on a clean fresh 10.04 system.
looks like you got it fixed!
thanks!
On Tue, May 18, 2010 at 11:16 AM, Charlie wrote:
> yes, will try it out later today!
> thanks!
>
>
> On Tue, May 18, 2010 at 7:01 AM, Daniel Cid wrote:
>
>> Hi Charlie,
>>
>> Thanks! Just fixed on the latest snaps
On 2010-05-20, BOUTROUILLE PASCAL wrote:
> 2010/05/17 23:27:26 agent_control(1210): ERROR: Queue '/queue/alerts/ar' not
> accessible: 'Queue not found'.
Well, I'd start from here. Does this directory exist? What are the
owner/group and permissions for it?
--
http://nk99.org/
I do not the scans run anymore, although I did not waited 6 hours (which I
understant is the default time) to see that.
When activated the scan_time and scan_day directives on server I disabled
frequency; should I have left it enabled?
Also, when frequency is enabled with 1800 sec. (30 min.) the
Hi everyone,
I have been testing OSSEC for 2 weeks now and I have done a lot of effort to
make it work and to understand it. Also, I have seen many people impressed by
this application and satisfied with what it delivers - I see that Daniel Cid is
active over the mail list as well as many other
Hi!
Well, I just deleted the old agent.conf on the agent at it receives a new
one. Now it works, but I don't know why.
My productive agent.conf looks a bit different to this simple example here
(of course ;-)
It's the same agent.conf for all agents. Some work some do not.
2010/5/20 dan (ddp)
>
