Ran some tests, and the duplicate entries in the syscheck db do still cause problems (is there a wishlist for 2.6?). Will try creating a rule to ignore the stuff I don't want. Hopefully I can get away without alerting on new files.

On Oct 14, 3:56 pm, "dan (ddp)" <[email protected]> wrote:
> I think it may still have issues, but I haven't had a chance to test it yet.
> Having duplicate entries in the syscheck db might be the big problem.
> Beyond this you could probably turn on the alert on new files option
> and create a rule for it. And possibly create a rule to ignore the
> syscheck stuff you don't want to deal with in /application. But I
> think this would still require you knowing what's in /application.
> Alerting on new files could give you the notification you aren't
> currently getting when your systems are changed.
