[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Question on Windows agent and syscheck

To: ossec-list@xxxxxxxxx
Subject: [ossec-list] Question on Windows agent and syscheck
From: "Zarick Lau" <zarick@xxxxxxxxx>
Date: Tue, 4 Sep 2007 12:12:09 +0800
Authentication-results: mx.google.com; spf=pass smtp.mail=ossec-list+caf_=ossec-list=googlegroups.com@xxxxxxxxx; dkim=pass (test mode) header.i=@xxxxxxxxx
Authentication-results: mx.google.com; spf=pass (google.com: domain of zarick@xxxxxxxxx designates 64.233.182.184 as permitted sender) smtp.mail=zarick@xxxxxxxxx; dkim=pass (test mode) header.i=@xxxxxxxxx
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=MHKK76ONzSAAU/5jxkWdd2NfTjsM9f2JDcy2mSLyWI+INsTCsjOtSkQmkKxOSFWambAUejt0MCcemDD/RwEEYegqZSTVAD12olegJcHAqohV5+4uRhRwHwamzEVGBSm+5SI/Fl1l87Q7DqC7wFYU4l1whXt2ugl2LSkV8si1w9k=

Dear Users and Developers,

I'm trying OSSEC windows agent lately. However, I can't get the syscheck
working. (rootkit / localfile checks are alright).

The problem I have is ossec-agent doesn't forward any file integrity
alert. Regardless 'auto_ignore' / 'alert_new_files' are set or not.

I have also turned on syscheck.debug=1, but don't see any
extra log in ossec.log.

Also, I have another related question on syscheck.
Is it possible to kick off syscheck manually?

If i can trigger syscheck manually, the configuration process
would be much easily and efficient.

Thanks!

Best regards,
Zarick

Prev by Date: [ossec-list] Re: Problem on email notification
Next by Date: [ossec-list] Integrity Checking
Previous by thread: [ossec-list] Re: Active-Responses Perl
Next by thread: [ossec-list] Integrity Checking
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.