Can anyone provide some help? @Jesus Linares... the link you provided is
not helping much. It's for another issue.
On Wednesday, May 31, 2017 at 1:07:19 PM UTC+4, Jesus Linares wrote:
>
> https://groups.google.com/forum/#!topic/ossec-list/wcIE_EcDVxo
>
> On Tuesday, May 30, 2017 at 4:34:46 PM UT
Hi,
The URL you sent here contains files dated 2010. I am not sure
what "rootcheck 2.4" is, but I think it is OSSEC version 2.4.1; currently
the stable version is 2.9.
Rootcheck is included in the standard OSSEC Agent installation, you don't
need to install it as a "separate component".
Great! Good to know it's working!
Thanks for coming back to tell us.
I believe we will develop an easier way to do this in the future, something
like "Disable Syscheck for 2h starting day 05/20/2017" for example, so we
can plan massive upgrades in an enterprise environment.
Best,
Pedro.
On Wed,
Hi, Pedro.
I tested it again a few days ago. I followed these steps:
1. Stop the agent on the host.
2. Update the OS or whatever you are going to do.
3. Run /var/ossec/bin/syscheck_control -u AGENT_ID on the ossec-server.
4. Restart ossec-server (in my case: systemctl restart ossec-hids).
5. start
Hi All,
Many thanks for the info so far.
Some further googling has given me some extra info too.
* It seems that the basic rootcheck configuration already exists via the
existing ossec client install
* I found this link
https://www.hivelocity.net/kb/how-to-install-rootcheck-on-the-server/
Thi
https://groups.google.com/forum/#!topic/ossec-list/wcIE_EcDVxo
On Tuesday, May 30, 2017 at 4:34:46 PM UTC+2, Akash Munjal wrote:
>
>
> Hi All,
>
> I am also facing the same problem. I am not getting alerts for
> creation/deletion of files from the Windows agent
> to my manager (Linux). Agent show connec
Hi,
Check out the documentation:
http://ossec-docs.readthedocs.io/en/latest/faq/syscheck.html#why-aren-t-new-files-creating-an-alert
Also, it is not a good idea to monitor the whole partition:
- *report_changes* creates a snapshot in the agent for each change.
- *realtime* on Windows allow
Hi All,
I am also facing the same problem. I am not getting alerts for
creation/deletion of files from the Windows agent
to my manager (Linux). The agent shows connected and active; the only alerts I get
from the agent (win) are agent start/restart/change in ossec.conf (agent).
To monitor D:\ drive, I have done the fo