Troubleshooting OSSEC issues

From Notes_Wiki

Home > CentOS > CentOS 6.x > Security tools > OSSEC > Troubleshooting OSSEC issues

For troubleshooting OSSEC issues try following:

  1. Restart ossec service on ossec server
    Notice that ossec-remoted starts (use /var/ossec/bin/ossec-controld restart)
  2. Restart ossec service on client
  3. Verify details in /var/ossec/etc/ossec.conf file
  4. Verify key is same in /var/ossec/etc/client.keys in both server and client
  5. Restart ossec machine
  6. Restart client machine
  7. Look at /var/ossec/log/ossec.log file for hints
Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=Troubleshooting_OSSEC_issues&oldid=5528"