Not sure if this helps but there are more spaces in the alert log, between the
word error and the : then in the decoder you posted.
Chris Hughes
Layer8 Consulting
(240)460-7283
On Jun 11, 2014, at 6:09 AM, PlaySeb59 wrote:
> Thanks for your help. A restart not resolve the problem.
>
> I have
On Wed, Jun 11, 2014 at 4:46 AM, Thomas Vidal wrote:
> Dear all,
>
> This is not clear for me how ossec.conf and agent.conf are working.
> Example of syscheck, if :
>
> In ossec.conf I have
>
>
> /toto
>
>
>
> And in agent.conf I have
>
>
> /titi
>
>
>
>
> /tutu
>
>
>
>
> What
*[RESOLVED]*
It's my fault. I wrote my decoder with the log that I copied from ossec wui.
But there are more spaces between "error" and ": Warning" on monit.log and
alerts.log
- On ossec wui: [CEST Jun 10 11:54:17] error : Warning: Client
'80.70.20.10' supplied unknown user 'monit' accessing mo
Thanks for your help. A restart not resolve the problem.
I have install on a virtual machine Monit and Ossec in order to test it on
an other system
but nothing change and I have the same problem.
I'll let you know if I find a solution.
Le mardi 10 juin 2014 17:27:13 UTC+2, dan (ddpbsd) a écrit
Dear all,
This is not clear for me how ossec.conf and agent.conf are working.
Example of syscheck, if :
In ossec.conf I have
/toto
And in agent.conf I have
/titi
/tutu
What will be the result for all servers, and for MYSERVER ?
Many thanks for your help, and have a nice da
