I wanted to confirm if it is normal for ossec manager & agent to take about 30-40 minutes to complelet all scans after it is restarted. Both manager and agent are linux and only /etc, /usr/bin, /usr/sbin, /bin, /sbin directories are getting checked
Ossec Manager (ossec.log) ---------------------------------------- 2010/03/11 13:11:14 ossec-syscheckd: INFO: Starting syscheck database (pre-scan). 2010/03/11 13:14:54 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed). 2010/03/11 13:16:54 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database). 2010/03/11 13:27:49 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database). 2010/03/11 13:28:09 ossec-rootcheck: INFO: Starting rootcheck scan. 2010/03/11 13:44:44 ossec-rootcheck: INFO: Ending rootcheck scan. Ossec agent (ossec.log) ----------------------------------- 2010/03/11 09:12:11 ossec-syscheckd: INFO: Starting syscheck database (pre-scan). 2010/03/11 09:12:11 ossec-syscheckd: INFO: Initializing real time file monitoring (not started). 2010/03/11 09:18:23 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed). 2010/03/11 09:20:23 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database). 2010/03/11 09:37:23 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database). 2010/03/11 09:37:43 ossec-syscheckd: INFO: Starting real time file monitoring. 2010/03/11 09:37:43 ossec-rootcheck: INFO: Starting rootcheck scan. 2010/03/11 10:05:15 ossec-rootcheck: INFO: Ending rootcheck scan.
