Hi,

I'm reading the man page of syscheck-control (http://www.ossec.net/doc/programs/syscheck_control.html) and would like to know what exactly is meant by "clearing" the syscheck database.

Does running syscheck-control -u remove the history of file changes, or does it also remove the baseline information about files for that system?

E.g. for agent 1, if I do the following:

- run syscheck -> get baseline1
- change files
- run syscheck -> get baseline2 (now showing changed files)
- run syscheck-control -u (history is removed)

Does this mean that only baseline2 is removed? Or is everything (baseline1 & baseline2) removed?

If it is the latter, then if I again change some files on the agent and run syscheck again, I should not get any alerts for modified files (since there is no baseline on the manager). Is this correct?

Regards,
Chris
