Regular syscheck works in agent.conf. I haven't had the chance to try it with scan_time (this isn't an option I've ever had the need to use). I might be able to do more testing tomorrow though.
On Tue, Sep 28, 2010 at 12:45 PM, Jeremy Lee <[email protected]> wrote: > Yeah... I'm testing again with v2.5 but it looks like things still don't > work as I would want them to. > > If you remove/comment out the scan_day flag though, do things work? Because > they do for me but *only* with ossec.conf. I actually tried the same > combination (with and without scan_day) in agent.conf and nothing worked at > all. > > I think my fallback may have to be using agent_control -r -a in conjunction > with cron to setup the scheduling to my liking. The -r and -a flags will > require active response I'm guessing, right? > > On Tue, Sep 28, 2010 at 9:30 AM, dan (ddp) <[email protected]> wrote: >> >> On Tue, Sep 28, 2010 at 12:22 PM, Jeremy Lee <[email protected]> wrote: >> > Does active_response need to be enabled for syscheck in agent.conf to >> > properly work? I'm guessing active_response needs to be on for >> > agent_control >> > to properly restart the agents, etc. But it shouldn't have anything to >> > do >> > with agent.conf being merged with ossec.conf correct? >> > >> >> No, active_response being disabled shouldn't affect whether syscheck >> in agent.conf works or not. >> I'm having trouble getting the scan_time/scan_day to work on my >> systems (in ossec.conf). I'm not sure if those options are really >> working at the moment. > >
