Difference between revisions of "Troubleshooting OSSEC issues"

From Notes_Wiki

Revision as of 13:52, 31 March 2015


Troubleshooting OSSEC issues

For troubleshooting OSSEC issues, try the following:

  1. Restart the ossec service on the OSSEC server
    Check that ossec-remoted starts (use /var/ossec/bin/ossec-control restart)
  2. Restart the ossec service on the client
  3. Verify the details in the /var/ossec/etc/ossec.conf file
  4. Verify that the key in /var/ossec/etc/client.keys is the same on both server and client
  5. Restart the OSSEC server machine
  6. Restart the client machine
  7. Look at the /var/ossec/logs/ossec.log file for hints
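
One way to carry out the key check in step 4, as an added example that is not part of the original page: the script compares an agent's client.keys entry with the server's entry for the same agent ID and reports which field differs without printing the key. It assumes the usual `<id> <name> <ip> <key>` line layout and that both files are readable on one host (for example the agent's file copied over an admin channel); `check_agent_key`, `make_sample` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example. client.keys holds one entry per line: <id> <name> <ip> <key>

# check_agent_key SERVER_KEYS AGENT_KEYS
# Exit status: 0 entry identical, 1 same ID but a field differs,
#              2 agent ID missing on server, 3 unreadable or empty input.
# Key material is never printed, only which field differs.
check_agent_key() {
    server_keys=$1 agent_keys=$2 result=0
    [ -r "$server_keys" ] && [ -r "$agent_keys" ] || return 3

    # An agent's file normally holds a single entry: take the first non-empty line.
    agent_line=$(awk 'NF { print $1, $2, $3, $4; exit }' "$agent_keys")
    [ -n "$agent_line" ] || return 3
    read -r a_id a_name a_ip a_key <<EOF
$agent_line
EOF
    # Look up the same ID on the server; force a string compare so 001 != 1.
    server_line=$(awk -v id="$a_id" '($1 "") == (id "") { print $1, $2, $3, $4; exit }' "$server_keys")
    [ -n "$server_line" ] || { echo "agent $a_id: no entry on server" >&2; return 2; }
    read -r s_id s_name s_ip s_key <<EOF
$server_line
EOF
    [ "$a_name" = "$s_name" ] || { echo "agent $a_id: name differs" >&2; result=1; }
    [ "$a_ip" = "$s_ip" ]     || { echo "agent $a_id: IP differs" >&2; result=1; }
    [ "$a_key" = "$s_key" ]   || { echo "agent $a_id: key differs" >&2; result=1; }
    return $result
}

# Constructed sample files (dummy keys, documentation IP range).
make_sample() {
    printf '%s\n' '001 web01 192.0.2.10 aaaa1111aaaa1111' \
                  '002 db01 192.0.2.20 bbbb2222bbbb2222' > "$1/server.keys"
    printf '%s\n' '001 web01 192.0.2.10 aaaa1111aaaa1111' > "$1/agent_ok.keys"
    printf '%s\n' '002 db01 192.0.2.20 bbbb0000bbbb0000' > "$1/agent_bad.keys"
}

tmp=$(mktemp -d) && make_sample "$tmp"
for f in agent_ok agent_bad; do
    check_agent_key "$tmp/server.keys" "$tmp/$f.keys" && rc=0 || rc=$?
    echo "$f: exit status $rc"
done
rm -rf "$tmp"
```

Delete any copied client.keys file once the comparison is done, since it contains the agent's authentication key.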