Hi John, You need to add this configuration to the ossec server, not the agent (same to the auto_ignore option).
*Also, the alert will only come by the next time syscheck runs (which is by default every 12 hours). Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On 10/9/07, PKTan <[EMAIL PROTECTED]> wrote: > > > > Hi, > I am evaluating the OSSEC software, tried configure the > alert_new_files option in the syscheck configuration , but it didn't work. > I created a "c:\test" folder with 2 files. Added the following to the > window oseec agent ossec.conf > > syscheck> > <frequency>60</frequency> > <directories check_all="yes">C:\test</directories> > <alert_new_files>yes</alert_new_files> > <auto_ignore>no</auto_ignore> > > ... > ... > ... > ... > </syscheck> > > after restarting the agent , I added files into the c"\test directory, but > OSSEC-SERVER didn't receive any new file alert. > > Anyone can advise what go wrong ? > > Do I need to make any chance to the server ossec.conf file ? > > your prompt reply is greatly appreciated. > > Thank you in advance. > > > Regards > John > > > > < > ________________________________ > Real people. Real questions. Real answers. Share what you know.
