OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Hi,
I'm having an issue with a local rule to detect any USB device being connected. I implemented the following one on the OSSEC server:
After that, I wrote these lines in the agent's ossec.conf file:
I restarted OSSEC and the host, but /var/ossec/queue/diff remains empty. The connection between my host and the server is working, because I receive logon and other notifications. There is no specific error message in ossec.log (in the agent's file I even read the message « ossec-logcollector: INFO: Monitoring full output of command(10): reg QUERY HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR\Enum ») or in /var/ossec/logs/ossec.log.
Does anyone have an idea about this issue?
Cheers!
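For readers following this thread, here is an added illustration (not code from the post above and not OSSEC's own source) of the server-side step that populates /var/ossec/queue/diff. When a rule carrying `<check_diff />` matches the `ossec: output:` event produced by a `full_command` localfile, the server stores the command output as `last-entry` under queue/diff/<agent>/<rule_id>/ on the first match and only raises the alert, with the diff attached, once a later output differs. The Python below models that flow in memory (a dict stands in for the directory), and parses the USBSTOR\Enum query output to name the device that appeared. The two registry outputs, the rule id and the function names are constructed for this example.

```python
"""Model of OSSEC's full_command + check_diff flow for the USBSTOR\\Enum query.

Added example, not OSSEC's code. Outputs below are constructed to resemble
`reg QUERY HKLM\\SYSTEM\\CurrentControlSet\\Services\\USBSTOR\\Enum`.
"""
from __future__ import annotations

import difflib

# Constructed: first run of the command (one USB disk ever seen by this host).
BEFORE = """
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\USBSTOR\\Enum
    Count    REG_DWORD    0x1
    NextInstance    REG_DWORD    0x1
    0    REG_SZ    USBSTOR\\Disk&Ven_Kingston&Prod_DataTraveler&Rev_1.00\\001A
"""

# Constructed: a later run, after a second stick was plugged in.
AFTER = """
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\USBSTOR\\Enum
    Count    REG_DWORD    0x2
    NextInstance    REG_DWORD    0x2
    0    REG_SZ    USBSTOR\\Disk&Ven_Kingston&Prod_DataTraveler&Rev_1.00\\001A
    1    REG_SZ    USBSTOR\\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.26\\4C53
"""


def parse_enum(output: str) -> dict[str, str]:
    """Map instance index -> device id from the Enum key's REG_SZ values."""
    devices: dict[str, str] = {}
    for line in output.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] == "REG_SZ" and parts[0].isdigit():
            devices[parts[0]] = parts[2]
    return devices


def check_diff(store: dict[str, str], rule_id: str, output: str) -> list[str] | None:
    """Emulate <check_diff />.

    `store[rule_id]` plays the role of queue/diff/<agent>/<rule_id>/last-entry.
    First match: record the output, no alert (None). Same output: None.
    Changed output: record it and return the unified diff (the alert body).
    """
    previous = store.get(rule_id)
    store[rule_id] = output
    if previous is None or previous == output:
        return None
    return list(difflib.unified_diff(previous.splitlines(), output.splitlines(),
                                     fromfile="last-entry", tofile="current",
                                     lineterm=""))


def new_devices(previous: str, current: str) -> list[str]:
    """Device ids present in the current Enum output but not in the previous one."""
    before, after = parse_enum(previous), parse_enum(current)
    return sorted(set(after.values()) - set(before.values()))


def alert_for(store: dict[str, str], rule_id: str, output: str) -> str | None:
    """Alert text when the output changed, otherwise None."""
    diff = check_diff(store, rule_id, output)
    if diff is None:
        return None
    added = new_devices(store_previous(diff), output)
    return "New USB storage device(s): " + ", ".join(added) if added else "\n".join(diff)


def store_previous(diff: list[str]) -> str:
    """Rebuild the previous output from a unified diff (lines not starting with '+')."""
    body = [l for l in diff[2:] if not l.startswith("@@")]
    return "\n".join(l[1:] for l in body if not l.startswith("+"))


if __name__ == "__main__":
    queue: dict[str, str] = {}
    print(alert_for(queue, "100100", BEFORE))   # None: last-entry created
    print(alert_for(queue, "100100", BEFORE))   # None: unchanged
    print(alert_for(queue, "100100", AFTER))    # alert naming the SanDisk stick
```

The two `None` results are the point: with `<check_diff />` the rule is silent until the stored output changes, so the first thing to verify on the server is whether `last-entry` was ever written under queue/diff for the agent and rule id.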