Oops sorry Daniel, but in my ossec.conf file I have excluded vmguests
directories:
<syscheck>
<!-- Frequency that syscheck is executed - default to every 6 hours -->
<frequency>21600</frequency>
<!-- Directories to check (perform all possible verifications) -->
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories check_all="yes">/bin,/sbin,/data/software</directories>
<!-- Files/directories to ignore -->
<ignore>/etc/mtab</ignore>
<ignore>/etc/hosts.deny</ignore>
<ignore>/etc/adjtime</ignore>
<ignore>/etc/httpd/logs</ignore>
<ignore>/var/log/wtmp</ignore>
<ignore>/etc/cups/ssl</ignore>
<ignore>/etc/dumpdates</ignore>
<ignore>/etc/blkid/blkid.tab</ignore>
<ignore>/etc/aliases.db</ignore>
<ignore>/etc/prelink.cache</ignore>
<ignore>/data/vmguests</ignore>
<alert_new_files>yes</alert_new_files>
<auto_ignore>no</auto_ignore>
</syscheck>
carlopmart wrote:
>
> Hi Daniel,
>
> Yes I have 3 vm guests under vmware workstation 6.5:
>
> 16K ./lost+found
> 32G ./el5updates
> 2.7G ./centos5
> 8.3G ./win2k8
> 43G
>
> But this VMs exists when I have installed version 1.5 without problems
> ... Do you want that I open a bug report??? Or maybe this the only real
> problem?? I can test putting VMs directories out of syscheckd config ...
>
>
> Daniel Cid wrote:
>> Hi,
>>
>> Do you have large VMs running on this box? The only reason I can think
>> is that you have
>> very large files that take a while to generate the md5/sha1 checksum.
>> Anyone else seeing
>> this behavior?
>>
>> *btw, can you provide more information to us? (
>> http://www.ossec.net/wiki/index.php/Community_manual:BugReport )
>>
>> Thanks,
>>
>> --
>> Daniel B. Cid
>> dcid ( at ) ossec.net
>>
>>
>>
>> On Fri, Jun 27, 2008 at 11:37 AM, carlopmart <[EMAIL PROTECTED]>
>> wrote:
>>> Please any hints about this??
>>>
>>> carlopmart wrote:
--
CL Martinez
carlopmart {at} gmail {d0t} com
