Hi,

I am checking the realtime feature of OSSEC and I have noticed that the system doesn't report in realtime when a file is added (I have configured alert_new_files and modified the rule file). The notification is generated only when syscheck runs its periodic scan, configurable via the interval option. Syscheck is notified by the OS using the inotify interface, but it looks like the function to generate the alert has not been implemented yet. Could you confirm that this behavior is expected? Do you have any plans to implement this in the future?

Thank you,
--Marco