Hi Nick,

Reply inline...

On 10/2/07, Consolo, Nick <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> First of all thanks for all the work on ossec. It's a great product. I
> have two questions regarding the syscheck portion of the product.

Thanks :) I am glad you are enjoying it.

> 1. In the syscheck database it is recording the uid and gid of each
> file entered. Is it possible to modify the notifications to include these
> in file modification and creation notifications?

Currently it is not possible, but it is on our TODO list to add support for it... Just wait a few months :)

> 2. Is it possible to run the syscheck daemon in an active mode so it
> detects new files instantly, instead of running it periodically to detect
> them?

No, it is not possible. It would require some kernel (lkm) changes to be notified on every new addition to the monitored directories. I know it is possible to do on Windows, but on Linux, BSDs (and similar), it would require kernel hacking... Anyone interested in taking such a task? :)

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net
