I'm playing around with OSSEC 2.6. I'm trying to set up a server for agentless monitoring of multiple Linux boxes.
After installation [where I answered no to most of the questions] I ran into the following problem:
pQd-ossec:/usr/src/ossec-hids-2.6# /opt/ossec/bin/ossec-control start
Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)...
OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-remoted...
2011/12/28 16:39:57 ossec-syscheckd(1702): INFO: No directory provided for syscheck to monitor.
Segmentation fault
To make things work and not segfault on the config generated by the installer, I had to modify /opt/ossec/etc/ossec.conf and add:
<syscheck>
  <directories check_all="yes">/etc</directories>
</syscheck>
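Since the crash comes from a syscheck block that names nothing to monitor, a pre-flight check of ossec.conf catches it before ossec-control is run. This is an added example, not code from the post or from OSSEC; it assumes the file is otherwise well-formed XML and wraps it in a synthetic root because ossec.conf may contain several top-level ossec_config elements. The sample configs below are constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: a syscheck block like the one the 2.6 installer leaves
# behind when no directories are given (no <directories>, not disabled).
BROKEN_CONF = """<ossec_config>
  <syscheck>
    <frequency>7200</frequency>
  </syscheck>
</ossec_config>"""

# Constructed sample: the same block after adding the fix from the post above.
FIXED_CONF = """<ossec_config>
  <syscheck>
    <frequency>7200</frequency>
    <directories check_all="yes">/etc</directories>
  </syscheck>
</ossec_config>"""


def syscheck_problems(conf_text):
    """Return a list of problem strings, one per <syscheck> block that has
    neither a non-empty <directories> entry nor <disabled>yes</disabled>
    (the standard OSSEC switch for turning syscheck off).

    Assumption: conf_text is well-formed XML apart from possibly having more
    than one top-level element, so it is wrapped in a synthetic <root>.
    """
    root = ET.fromstring("<root>" + conf_text + "</root>")
    problems = []
    for i, sc in enumerate(root.iter("syscheck")):
        disabled = sc.findtext("disabled", "").strip().lower() == "yes"
        dirs = [d.text.strip() for d in sc.findall("directories")
                if d.text and d.text.strip()]
        if not disabled and not dirs:
            problems.append(
                f"syscheck block {i}: no <directories> to monitor and not disabled")
    return problems


if __name__ == "__main__":
    # Usage: python check_syscheck.py /opt/ossec/etc/ossec.conf
    # Without an argument the constructed BROKEN_CONF sample is checked.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BROKEN_CONF
    for line in syscheck_problems(text) or ["syscheck config looks OK"]:
        print(line)
```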
I am using OSSEC for local network security and I am finding it very useful! I am aware that you have lots of questions about similar problems, but I am left out of options, so I need to ask you directly. I am building a decoder and I am having a problem with the date format. The problem is the letter t in the date format. So if you can advise me where to look or give me a regex for this date format, I would be greatly thankful. Thank you in advance. Gojko
What's the date format?
You can also use to disable syscheck
yes