Hi Dan,
I enabled debugging and I dont seem to get a whole lot more logs out of it.
I had a few examples happen over the weekend. The issue is always for a
particular rule number that I have set to null route 30 minutes.
I did enable debugging from ossec-control enable debug.
I reviewed the oss
On Wed, Mar 13, 2013 at 6:47 PM, BP9906 wrote:
> Well thats the problem, I dont get any log entry on the OSSEC server AR log
> so I think I need a debug config enabled to verify it is triggering an AR.
> What config setting do I set to see that?
>
You can run "/var/ossec/bin/ossec-control enable
Well thats the problem, I dont get any log entry on the OSSEC server AR log
so I think I need a debug config enabled to verify it is triggering an AR.
What config setting do I set to see that?
On Wednesday, March 13, 2013 2:40:40 PM UTC-7, dan (ddpbsd) wrote:
>
> On Wed, Mar 13, 2013 at 4:43 PM,
On Wed, Mar 13, 2013 at 4:43 PM, BP9906 wrote:
> Good point.
> For clarity, my AR is set for server execution. It then launches a shell
> script that then loops through a set of servers in a LB pool to do a null
> route on those servers.
> I would then see the AR in the Ossec Server AR log and cli
Good point.
For clarity, my AR is set for server execution. It then launches a shell
script that then loops through a set of servers in a LB pool to do a null
route on those servers.
I would then see the AR in the Ossec Server AR log and client AR log.
I dont even see the AR log entry on the O
are you checking the right logs and do you have the ARs set for the right
place? Sometimes people forget the log entries will be in agents log files,
not the SERVER.
On Wednesday, March 13, 2013 10:56:34 AM UTC-7, BP9906 wrote:
>
> Hello,
> I recently upgraded my ossec server to 2.7 and everyth