Thanks for the follow up. Yes, the file is in the agents database on the manager.
Aaron On Fri, Apr 29, 2011 at 4:00 PM, dan (ddp) <[email protected]> wrote: > Check to see if the file is listed in the syscheck database for that agent. > /var/ossec/queue/syscheck/something->something on the manager > > No idea why this doesn't work for you though. > > On Fri, Apr 29, 2011 at 11:56 AM, Aaron Bliss <[email protected]> wrote: >> Hi all, >> I've enabled the syscheck option to look for new files as documented here: >> >> http://www.ossec.net/wiki/Know_How:Syscheck >> >> New files are detected and alerted upon on the ossec server, but don't >> seem to be on agents. I've verified that the clients are monitoring >> the directories that I'm placing test files into by confirming that >> the directory is listed when checking the ossec.log on the client, as >> well as by receiving alerts on changed files in the directory that I'm >> testing (in this case, /etc). Both the agent and server are redhat 5 >> boxes, both are running v2.5.1 of ossec. I've also ensured that >> syscheck has ran on the client since creating the test files. Any >> ideas on how to further troubleshoot this? Thanks. >> >> Aaron >> >
