Hello there, I'm testing the realtime monitoring on a windows box, but can't get it to work, I added realtime=”yes” to the client's agent config, but when I create files inside the monitored directory, the change is not picked up. I have tried restarting ossec on the server, restarting the client and also running syscheck_control. FYI, syscheckd never mentions "real time" in the log.
The server is CentOS 5.3 runing OSSEC 2.2. The client is WindowsXP running the agent snapshot you linked to. Thank you.
