On Tue, Sep 28, 2010 at 12:22 PM, Jeremy Lee <[email protected]> wrote: > Does active_response need to be enabled for syscheck in agent.conf to > properly work? I'm guessing active_response needs to be on for agent_control > to properly restart the agents, etc. But it shouldn't have anything to do > with agent.conf being merged with ossec.conf correct? >
No, active_response being disabled shouldn't affect whether syscheck in agent.conf works or not. I'm having trouble getting the scan_time/scan_day to work on my systems (in ossec.conf). I'm not sure if those options are really working at the moment.
