Here is what I see, and I think this across all my servers with this config:
2010/09/30 07:52:32 ossec-syscheckd: INFO: Starting syscheck scan. 2010/09/30 08:02:45 ossec-syscheckd: INFO: Ending syscheck scan. 2010/09/30 08:17:45 ossec-syscheckd: INFO: Starting syscheck scan. 2010/09/30 08:27:58 ossec-syscheckd: INFO: Ending syscheck scan. 2010/09/30 08:42:58 ossec-syscheckd: INFO: Starting syscheck scan. 2010/09/30 08:53:11 ossec-syscheckd: INFO: Ending syscheck scan. 2010/09/30 09:08:11 ossec-syscheckd: INFO: Starting syscheck scan. (syscheck running almost every 10 minutes) Is this the 'default' if I don't specify a frequency (or comment it out), scan time or scan day (even though scan day doesn't work)? I want to be able to kick syscheck off "on-demand" but am essentially trying to do it via cron (through agent_control) because I only want it to run once a week on early Sunday morning (and scan_day appears broken so there is no way to effectively do this otherwise). Any help on this? On Sep 28, 11:20 am, "dan (ddp)" <[email protected]> wrote: > On Tue, Sep 28, 2010 at 1:31 PM, Jeremy Lee <[email protected]> wrote: > > That makes sense. I guess what I'd really want to see the option to > > push/update just a single 'config' file (ossec.conf) to all clients :) > > If the only configuration you do in the ossec.conf is the server IP, > then pushing out the agent.conf is basically what you're asking for.
