Hi,
Just tried ossec 0.9 and have some queries:
1. The syscheck daemon takes up significant CPU time on my box.
Can it be throttled or scheduled at a fixed time?
2. I enabled active-response on the server but disabled it on the agent
machine. However, the agent host still responds to attacks using the
policy on the server. Is it a bug or a feature?
3. The time zone fix stated at:
http://www.ossec.net/ossec-list/2006-June/msg00019.html
seems to have a side-effect. On my Fedora 4 box, the mail header
becomes +0000 (HKT). I reverted the change and it works
(becomes +0800).
4. On Solaris, it may be worth including /var/adm/message in the
default monitor list.
BTW, OSSEC is great. Easy to install and useful.
Rgds.
Martin