On Sun, Feb 4, 2018 at 11:33 PM, <
gon...@seagroup.com> wrote:
>
> Hi all ,
>
> i came cross this issue:
> Files hidden inside directory '/var/lib/docker/overlay2/xxxxxxxxxxxxx/merged/root/go/src'. Link count does not match number of files (4,1).
> in many servers. However, when i checked ossec configuration file in those servers, there are no /var/lib/docker/overlay2 directory wrote in configuration file.
>
>
>
>
>
> what i guess, since one of those server cluster, i need to monitory fire integrity of this server under /var/lib/docker/overlay2/xxxxxxxxxxxxx. However the file name is to complicated, so what i did is i generated number to link to those complicated directory. I am not really sure , is this a problem cause my above alert come out in other servers. (PS: those servers connect to same ossec manager server.)
>
>
This is a rootcheck alert, not syscheck. I know rootcheck has some
issues with these overlay filesystems, but I haven't really gotten a
chance to look into it to see what can be done.
>
> thank you for helping guys. urgent now
>
>
>
> best regards,
>
> kaiwen
>
>
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
ossec-list+...@googlegroups.com.
> For more options, visit
https://groups.google.com/d/optout.