Hi Ferdia. In order to be alerted about new files, you should add the option <alert_new_files> to Syscheck on the server side. Here is an example:
<syscheck> <frequency>7200</frequency> *<alert_new_files>yes</alert_new_files>* <directories check_all="yes" realtime="yes" report_changes="yes>/etc,/usr/bin,/usr/sbin</directories> <!-- (...) --> </syscheck> Despite this, alerts about new files don't support real-time, so they won't appear until next scan (after the number of seconds specified on <frequency> ). Kind regards. Victor Fernandez. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
