Hello, I am very excited about the new process monitoring feature. However, I looked at http://www.ossec.net/main/manual/manual-process-monitoring, as well as the release notes for v. 2.3, but didn't see a list of supported commands.
Are all commands supported (i.e., OSSEC will run whatever command is put between the <command> tags), and I just need to write decoders/rules for the commands I'm interested in? Or is there a specific subset of commands OSSEC can run with this feature?

Also, how complex can the commands be? Can they be piped together (such as ps aux | grep mysqld)? Or is it just the base command with arguments?

I also noticed in another post that Daniel Cid said the command output is checked every 1-2 minutes depending on the flow of the logs. What does that mean? Is there a timer, or is it tied to another check, or what?

Thanks in advance!

-Alisha Kloc
