[ossec-list] Re: OSSEC-WUI question

["Daniel Cid" <daniel.cid@xxxxxxxxx>]

Hi Ed,

Can you try restarting apache? It will only use the new permissions/users after
you restart it. In additional to that, make sure to change the ossec path inside
the ui configuration file from /var/ossec/ to /opt/ossec.

Hope it helps.

--
Daniel B. Cid
dcid ( at ) ossec.net

On 5/24/07, Vazquez, Ed <evazquez@xxxxxxxxxxxx> wrote:
> The primary goal of implementing OSSEC where I work is to centralize
> logging, alerts, etc. (no surprise there).
>
> The WebUI is a great addition to the package as it lets me give the
> group responsible for care and feeding of the various systems and
> devices some visibility into what is being reported.
>
> Since 90% of this data is sent via Syslog and captured /sorted by
> syslog-ng, I am using the log analysis engine to suck in the data and
> generate alerts, etc.
>
> While I get valid data in '/opt/ossec/logs/alerts/alerts.log', the
> WebUI continues to deny the existence of anything except the local
> server agent and even for that claims that no alert data is available.
>
> I know I'm new to the OSSEC world, so I'm pretty sure I missed
> something or broke something in my setup.
>
> The exact error is:
>
> Available agents:
> +ossec-server (127.0.0.1)
> -ossec-server (127.0.0.1)
>   Name: ossec-server
>   IP: 127.0.0.1
>   Last keep alive: 2007 May 24 10:51:21
>   OS:
>
> Latest modified files:
>
>       No integrity checking information available.
>       Nothing reported as changed.
>
>
>
> Unable to retrieve alerts.
>
> I did add the "www" user to the /etc/groups "ossec" entry and ensured
> that the local "tmp" file has 777 permissions.  I also made sure to
> change the ossec_conf.php file to point to '/opt/ossec' instead of
> '/var/ossec'.
>
> Help again?
>
> --
> Ed Vazquez
>
> There are never any bugs you haven't found yet.
> 24 May 2007 10:41:58
>
>