Hi all, I've enabled the syscheck option to look for new files as documented here:
http://www.ossec.net/wiki/Know_How:Syscheck New files are detected and alerted upon on the ossec server, but don't seem to be on agents. I've verified that the clients are monitoring the directories that I'm placing test files into by confirming that the directory is listed when checking the ossec.log on the client, as well as by receiving alerts on changed files in the directory that I'm testing (in this case, /etc). Both the agent and server are redhat 5 boxes, both are running v2.5.1 of ossec. I've also ensured that syscheck has ran on the client since creating the test files. Any ideas on how to further troubleshoot this? Thanks. Aaron
