Check to see if the file is listed in the syscheck database for that agent. /var/ossec/queue/syscheck/something->something on the manager
No idea why this doesn't work for you though.

On Fri, Apr 29, 2011 at 11:56 AM, Aaron Bliss <[email protected]> wrote:
> Hi all,
> I've enabled the syscheck option to look for new files as documented here:
>
> http://www.ossec.net/wiki/Know_How:Syscheck
>
> New files are detected and alerted upon on the ossec server, but don't
> seem to be on agents. I've verified that the clients are monitoring
> the directories that I'm placing test files into by confirming that
> the directory is listed when checking the ossec.log on the client, as
> well as by receiving alerts on changed files in the directory that I'm
> testing (in this case, /etc). Both the agent and server are redhat 5
> boxes, both are running v2.5.1 of ossec. I've also ensured that
> syscheck has run on the client since creating the test files. Any
> ideas on how to further troubleshoot this? Thanks.
>
> Aaron
