i’m playing around with ossec 2.6. i’m trying to set up a server for agentless monitoring of multiple linux boxes.
after installation [where i answered no for most of the questions] i’ve run into the following problem:
pQd-ossec:/usr/src/ossec-hids-2.6# /opt/ossec/bin/ossec-control start
Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)...
OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-remoted...
2011/12/28 16:39:57 ossec-syscheckd(1702): INFO: No directory provided for syscheck to monitor.
Segmentation fault
to make things work and not segfault on config generated by the installer i had to modify /opt/ossec/etc/ossec.conf and add:
<syscheck>
  <directories check_all="yes">/etc</directories>
</syscheck>
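A pre-start check for the condition described above, as an added example that is not part of the original post or of OSSEC itself: it reports whether ossec.conf lists at least one syscheck directory before `ossec-control start` is run. The function names and the two sample configs are constructed for illustration, and the check assumes the file parses as XML once wrapped in a single root.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: a config with no <syscheck> directories, the state
# the post describes after answering "no" to most installer questions.
BROKEN_CONF = """
<ossec_config>
  <global>
    <email_notification>no</email_notification>
  </global>
</ossec_config>
"""

# Constructed sample: the same config with the block from the post added.
FIXED_CONF = BROKEN_CONF.replace(
    "</ossec_config>",
    '  <syscheck>\n    <directories check_all="yes">/etc</directories>\n'
    "  </syscheck>\n</ossec_config>",
)


def syscheck_directories(conf_text):
    """Return every path listed in <syscheck><directories> entries."""
    # ossec.conf may contain more than one <ossec_config> root, so wrap the
    # text in a synthetic root before parsing (assumes it is otherwise XML).
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    paths = []
    for entry in root.findall(".//syscheck/directories"):
        # One entry can hold a comma-separated list of directories.
        paths += [p.strip() for p in (entry.text or "").split(",") if p.strip()]
    return paths


def preflight(conf_text):
    """Return a list of problems; empty means syscheck has something to watch."""
    if not syscheck_directories(conf_text):
        return ["no <directories> entry under <syscheck>"]
    return []


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage (path is the one from the post): script.py /opt/ossec/etc/ossec.conf
    with open(sys.argv[1]) as fh:
        problems = preflight(fh.read())
    print("\n".join(problems) or "syscheck directories configured")
    sys.exit(1 if problems else 0)
```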