Pre-scan is the time when ossec actually calculates the md5 sum of the files and maintains them in a database. Then the next time ossec runs a syscheck scan, it again scans the files, calculates the md5 values and then compares them with the values in the database. If any diff is found, it is alerted in the form of rule ID 550.

Regards,
Tanishk Lakhaani

-----Original Message-----
From: satish patel <[email protected]>
Sender: [email protected]
Date: Fri, 4 Mar 2011 16:59:37
To: <[email protected]>
Reply-To: [email protected]
Subject: [ossec-list] what is syscheck database (pre-scan)

What is the pre-scan thing? What exactly is it doing there after forwarding database?

# tail -f /var/ossec/logs/ossec.log
2011/03/04 13:55:11 ossec-rootcheck: INFO: Starting rootcheck scan.
2011/03/04 13:58:26 ossec-rootcheck: INFO: Ending rootcheck scan.
2011/03/04 13:58:46 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2011/03/04 13:58:46 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
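
The baseline-then-compare cycle described in the reply above, as an added Python sketch that is not part of the original thread and is not OSSEC's own code. The function names and the sample files are hypothetical and constructed for illustration; only the md5 checksum mentioned in the thread is tracked.

```python
import hashlib
import os
import tempfile

def md5sum(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(root):
    """Walk root and return {relative path: md5 hex digest}."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            db[os.path.relpath(full, root)] = md5sum(full)
    return db

def compare(baseline, current):
    """Return sorted (event, path) tuples; 'changed' is a checksum mismatch."""
    events = []
    for path, digest in current.items():
        if path not in baseline:
            events.append(("added", path))
        elif baseline[path] != digest:
            events.append(("changed", path))
    events += [("deleted", p) for p in baseline if p not in current]
    return sorted(events)

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as f:
        f.write(data)

def demo():
    """Build a baseline over constructed files, alter them, then rescan."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "hosts", b"127.0.0.1 localhost\n")
        write(root, "motd", b"welcome\n")
        write(root, "passwd", b"root:x:0:0\n")
        baseline = scan(root)        # first pass: only populates the database
        write(root, "hosts", b"127.0.0.1 localhost\n10.0.0.5 updates\n")
        os.remove(os.path.join(root, "motd"))
        write(root, "shadow", b"root:!:0\n")
        return compare(baseline, scan(root))   # later pass: diff against it

if __name__ == "__main__":
    for event, path in demo():
        print(event, path)
```

The first `scan` call produces no events because there is nothing to compare against yet; events only appear once a later scan is checked against the stored values.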
