Windows or *nix? If linux, pre-linking maybe?
On Fri, Jun 10, 2011 at 2:49 PM, Pat <[email protected]> wrote:
> Dan,
>
> Thank you for replying. No, the agent has been connected for the past
> 2 weeks and I've been letting them run. I wanted to validate the
> alerts that were coming over and I found that when I went to that
> server, the dates of these files went back quite a while ago. The
> agent tells us that the file was modified the day it alerted us,
> however, the date the file was created/modified on the server is still
> a couple years ago. I have also looked into anyone who is doing work
> on the server, and no one has touched these files.
>
> On Jun 10, 12:52 pm, "dan (ddp)" <[email protected]> wrote:
>> Is it possible that agent hasn't been connected to the manager for a while?
>> I don't particularly trust the file dates on the agents. If someone is
>> messing around they can easily change those dates.
>>
>> On Wed, Jun 8, 2011 at 4:22 PM, Pat <[email protected]> wrote:
>> > Hello All,
>> >
>> > I reviewed some of the OSSEC alerts that I am getting about integrity
>> > checksums as well as new file alerts and noticed that the dates on the
>> > files were from a couple years ago (for new file alerts; the
>> > integrity checksum one was a little less than a month ago). Is there
>> > any reason that it would be doing this? I am using realtime="yes", so
>> > I would assume that if I received an alert it was because the
>> > integrity checksum was changed sometime today, or if a new file was
>> > added it would have the date created/modified as of today.
>> >
>> > Any thoughts?
>> >
>> > Thanks in advance.
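Added example, not part of the original thread and not OSSEC code: a Python sketch of the situation discussed above, where a file's content hash differs from its baseline while its modification date still reads years old. The file name `sample.conf` and the helpers `snapshot`, `compare` and `demo` are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
import time


def snapshot(path):
    """Record what an integrity baseline might hold for one file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    # st_ctime is the inode change time on Unix (creation time on Windows).
    return {"sha256": digest, "mtime_ns": st.st_mtime_ns, "ctime_ns": st.st_ctime_ns}


def compare(baseline, current):
    """Classify a file against its baseline using the hash, not the dates."""
    content_changed = baseline["sha256"] != current["sha256"]
    mtime_changed = baseline["mtime_ns"] != current["mtime_ns"]
    if content_changed and not mtime_changed:
        return "content changed, mtime unchanged"
    if content_changed:
        return "content changed, mtime changed"
    return "mtime changed only" if mtime_changed else "unchanged"


def demo():
    """Constructed scenario: content is rewritten and the old mtime is kept."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.conf")  # constructed sample file
        with open(path, "w") as fh:
            fh.write("setting=1\n")
        old = time.time() - 2 * 365 * 86400  # date the file "a couple years ago"
        os.utime(path, (old, old))
        baseline = snapshot(path)

        time.sleep(0.05)
        with open(path, "w") as fh:
            fh.write("setting=2\n")
        # Any tool that preserves timestamps leaves the file in this state.
        os.utime(path, ns=(baseline["mtime_ns"], baseline["mtime_ns"]))
        current = snapshot(path)
        return baseline, current, compare(baseline, current)


if __name__ == "__main__":
    before, after, verdict = demo()
    print(verdict)
    print("ctime moved:", after["ctime_ns"] > before["ctime_ns"])
```

On Unix the inode change time (`ls -lc`, or the Change line of `stat`) is updated by the rewrite and cannot be set through `os.utime`, so it is a better date to compare against the alert time than the modification date.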
