Thanks, I am indeed focussing one user as that is a pseudo-user directory which contains all of our application code.
- Mark On Thu, Mar 4, 2010 at 7:06 PM, Wim Remes <[email protected]> wrote: > Hi, > > you should try the following : > > <directories check_all="yes" realtime="yes">/home</directories> > this will monitor everything in /home and thus all user directories. > > (I'm hoping you're not focusing on one user :-) ) > > Cheers, > > W > On 04 Mar 2010, at 18:39, Mark wrote: > > > Hi, > > > > I'm looking for some help troubleshooting a central agent > > configuration. I've followed the > > instructions as per http://www.ossec.net/main/manual/centralized-config > > but my > > updated syscheck stanza doesn't seem to result in changes in /home/ > > username > > being alerted. > > > > /opt/ossec/etc/shared/agent.conf as below, client checksums confirm > > they > > got the config. > > > > <agent_config> > > <syscheck> > > <frequency>3700</frequency> > > <directories check_all="yes" realtime="yes">/home/username</ > > directories> > > <!-- Directories to check (perform all possible verifications) -- > >> > > <directories check_all="yes" realtime="yes">/etc,/usr/bin,/usr/ > > sbin</directories> > > <directories check_all="yes" realtime="yes">/bin,/sbin</ > > directories> > > </syscheck> > > </agent_config> > > > > Regards, > > Mark > >
