Marco C. wrote:
> Syscheck is notified by the OS using the inotify interface but it
> looks like the function to generate the alert has not been implemented
> yet. Could you confirm that this behavior is expected? Do you have
> any plan to implement this in future?

Hello Marco,

That's correct, real-time does not yet work with new files. AFAIK, it should be in the next version.

--
Michael Starks
[I] Immutable Security
http://www.immutablesecurity.com
Information Security, Privacy and Personal Liberty

Week of OSSEC - Every day a new OSSEC post - Oct 25-31
Speaking on "OSSEC in the Enterprise," Oct 29 2009
(http://www.immutablesecurity.com/index.php/2009/09/10/ossec-at-the-rochester-security-summit/)