On Mar 6, 2017 11:16 AM, "Sam Gardner" wrote:
Once I turned on "alert_new_files" I started getting alerts - things appear
to be working now.
Is there any way to completely disable the logcollector daemon? We have
another process that does that job so no need to have that bit running -
removing the "" section doesn't seem to do the trick.
On Fri, Mar 3, 2017 at 5:29 PM, Sam Gardner wrote:
Thanks for the info - I'd like to explore what I can actually do with OSSEC
and do my due diligence before exploring other options.
I've spun up the following conf file and am running ossec-analysisd and
ossec-syscheckd only - they seem to be healthy, but I'm not getting
anything in /var/ossec
You are correct. I think it does not make sense for OSSEC to work only with
syscheck. Thanks.
On Fri, Mar 3, 2017 at 3:54 PM, dan (ddp) wrote:
On Fri, Mar 3, 2017 at 7:17 AM, Noilson Caio wrote:
@dan - are there problems if Mr. @Gardner deactivates "ossec-monitord,
ossec-logcollector, ossec-analysisd and ossec-execd" in the ossec-control
startup script? Maybe he is asking for that. I did try this in the past, but I
remember that the ossec-syscheckd log showed "queue not accessible error", I
guess =]
On Thu, Mar 2, 2017 at 2:33 PM, Sam Gardner wrote:
Hi All -
I'd like to run only the syscheck subsystem in order to provide FIM.
I don't see anything in the docs that immediately appears to do what I want
- is there any way to run syscheckd in "standalone" mode or only alongside
analysisd?
Thanks,
Sam Gardner