On Fri, 9 Oct 2009 03:57:07 -0700 (PDT), "[email protected]" <[email protected]> wrote: > Hello there, I'm testing the realtime monitoring on a windows box, but > can't get it to work, I added realtime=”yes” to the client's agent > config, but when I create files inside the monitored directory, the > change is not picked up. > I have tried restarting ossec on the server, restarting the client and > also running syscheck_control. > FYI, syscheckd never mentions "real time" in the log.
Hello namezk, I know you mentioned that syscheckd isn't in the log, but can you check for "ossec-syscheckd: INFO: Starting real time file monitoring." -- Michael Starks [I] Immutable Security http://www.immutablesecurity.com Information Security, Privacy and Personal Liberty Week of OSSEC - Every day a new OSSEC post - Oct 25-31 Speaking on "OSSEC in the Enterprise," Oct 29 2009 (http://www.immutablesecurity.com/index.php/2009/09/10/ossec-at-the-rochester-security-summit/)
