Hi.
As the subject says, new files are not being detected in /var/www.
Below are my shared/agent.conf and ossec_rules.xml.
shared/agent.conf
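<!-- Shared block: this agent_config carries no name/os/profile filter, so it applies to every agent that receives agent.conf. -->
<agent_config>
  <syscheck>
    <!-- Frequency that syscheck is executed, in seconds (default: every 2 hours) -->
    <frequency>7200</frequency>
    <!-- Keep the directory list on one line: a line break inside the value ends up inside a path. -->
    <directories realtime="yes" check_all="yes">/etc,/sbin,/usr/bin,/usr/sbin</directories>
    <!-- Paths excluded from integrity checking -->
    <ignore>/etc/motd</ignore>
    <ignore>/root/.bash_history</ignore>
    <ignore>/root/.viminfo</ignore>
    <ignore>/etc/hosts.deny</ignore>
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/vmware-tools/locations</ignore>
    <ignore>/etc/lvm/cache</ignore>
  </syscheck>
  <!-- Rootkit signature files and system-audit policy files read by rootcheck -->
  <rootcheck>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
    <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
    <system_audit>/var/ossec/etc/shared/cis_debian_linux_rcl.txt</system_audit>
  </rootcheck>
  <!-- Log files collected from the agent, all read in syslog format -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/syslog</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/mail.info</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/dpkg.log</location>
  </localfile>
</agent_config>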
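<!-- Extra settings applied only to the agent whose name is "ossecc01" -->
<agent_config name="ossecc01">
  <syscheck>
    <!-- NOTE(review): per the OSSEC documentation, alert_new_files is evaluated by the manager
         (server/local installs), not by the agent. Set here it is most likely ignored; it normally
         belongs in the syscheck section of the manager's ossec.conf. New files are also reported
         only after a full syscheck scan, not by the realtime monitor. Confirm against the
         installed version. -->
    <alert_new_files>yes</alert_new_files>
    <!-- Web root: watched in realtime with all integrity checks enabled -->
    <directories realtime="yes" check_all="yes">/var/www</directories>
  </syscheck>
  <!-- Service logs specific to this host, read in syslog format -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/proftpd/proftpd.log</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/apache2/access.log</location>
  </localfile>
</agent_config>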
ossec_rules.xml on master
<!-- Rule 554: matches events decoded as syscheck_new_entry (a file syscheck had not seen before)
     and raises them at level 7.
     NOTE(review): the shipped copy of this rule is typically level 0, so the level shown here looks
     like a local edit. Edits to ossec_rules.xml can be lost on upgrade; carrying the change in
     local_rules.xml with overwrite="yes" on the rule keeps it. Verify against the installed rules. -->
<rule id="554" level="7">
  <category>ossec</category>
  <decoded_as>syscheck_new_entry</decoded_as>
  <description>File added to the system.</description>
  <group>syscheck,</group>
</rule>