Hi Marco,

This is an option that I decided to remove after testing the realtime notification. The issue is that the system creates some temporary files constantly (vi .swp files, some .tmp files, etc.) and removes them a few seconds after. With the realtime enabled to notify on deletes/creates they would all be reported, which I believe most people don't want.

This is a very simple change that I can add, but I think that it will be more confusing than anything else.

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On Wed, Oct 21, 2009 at 9:34 AM, Michael Starks <ossec-l...@michaelstarks.com> wrote:
>
> Marco C. wrote:
> > Syscheck is notified by the OS using the inotify interface but it
> > looks like the function to generate the alert has not been implemented
> > yet. Could you confirm that this behavior is expected? Do you have
> > any plan to implement this in future?
>
> Hello Marco,
>
> That's correct, real-time does not yet work with new files. AFAIK, it
> should be in the next version.
>
> --
> Michael Starks
> [I] Immutable Security
> http://www.immutablesecurity.com
> Information Security, Privacy and Personal Liberty
> Week of OSSEC - Every day a new OSSEC post - Oct 25-31
> Speaking on "OSSEC in the Enterprise," Oct 29 2009
> (http://www.immutablesecurity.com/index.php/2009/09/10/ossec-at-the-rochester-security-summit/)
>
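An added illustration of the noise discussed in this thread (not OSSEC code and not written by the posters): it compares reporting every create/delete event with holding a create until the file has outlived a short window. The event tuples, the 5-second window, the function names and all paths are constructed assumptions.

```python
# Added example: event format and names are hypothetical, not OSSEC's.
from typing import Dict, List, Tuple

Event = Tuple[float, str, str]  # (seconds, "create" | "delete", path)

# Constructed sample: an editor session, one new file, one removed file.
SAMPLE_EVENTS: List[Event] = [
    (0.0, "create", "/etc/.hosts.swp"),
    (0.4, "create", "/etc/hosts.tmp"),
    (1.1, "delete", "/etc/hosts.tmp"),
    (2.0, "create", "/etc/cron.d/newjob"),
    (3.5, "delete", "/etc/.hosts.swp"),
    (9.0, "delete", "/etc/motd"),
]


def naive_alerts(events: List[Event]) -> List[Event]:
    """Report every create and delete, as a plain realtime hook would."""
    return [e for e in sorted(events) if e[1] in ("create", "delete")]


def settled_alerts(events: List[Event], window: float = 5.0) -> List[Event]:
    """Drop create/delete pairs on the same path that fall within `window`."""
    pending: Dict[str, Event] = {}  # path -> create event not yet reported
    alerts: List[Event] = []
    for ev in sorted(events):
        ts, kind, path = ev
        if kind == "create":
            pending[path] = ev
        elif kind == "delete":
            created = pending.pop(path, None)
            if created is not None and ts - created[0] <= window:
                continue  # short-lived temporary file: suppress both events
            if created is not None:
                alerts.append(created)  # file outlived the window
            alerts.append(ev)
    alerts.extend(pending.values())  # files still present at end of stream
    return sorted(alerts)


if __name__ == "__main__":
    print(len(naive_alerts(SAMPLE_EVENTS)), "alerts without filtering")
    for alert in settled_alerts(SAMPLE_EVENTS):
        print(alert)
```

The window is a trade-off: any file created and removed inside it goes unreported, so it should stay as short as the temporary-file churn allows.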