Linux has had inotify/realtime support for a while. Ancient distros don't, but anything decently recent should. Windows also supports realtime.
On Thu, Jul 14, 2011 at 5:19 PM, jplee3 <[email protected]> wrote:
> Thanks Dan - I wish there was realtime monitoring of files. On the
> boxes I want this on, I have syscheck kicking off once every night. I
> guess that's enough though. Hopefully
>
> On Jul 14, 12:34 pm, "dan (ddp)" <[email protected]> wrote:
>> I setup an active response to restart my agents when syscheck noticed
>> /var/ossec/etc/shared/agent.conf has changed.
>>
>> On Thu, Jul 14, 2011 at 3:06 PM, jplee3 <[email protected]> wrote:
>> > Hi all,
>>
>> > Does anyone have suggestions on pushing agent.conf after making
>> > changes and having this go into effect immediately? I'm specifically
>> > looking at when additions are made to monitor logfiles.
>>
>> > The agent.conf normally gets pushed after some time. However, it
>> > doesn't seem like OSSEC will actually read the file until the next
>> > restart.
>>
>> > Is there a way to force the OSSEC agent to *always* restart after the
>> > agent.conf is loaded?
>>
>> > Am I missing something here?
>>
>> > Thanks,
>> > Jeremy
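
The approach discussed in this thread, sketched as OSSEC configuration fragments. This is an added example, not the poster's actual configuration: the rule id 100001, its level and description are constructed, and it assumes the stock syscheck rule 550 (integrity checksum changed) and the restart-ossec.sh active-response script that ships with OSSEC.

```xml
<!-- Agent side (ossec.conf, or inside <agent_config> in the shared agent.conf):
     watch the directory the manager pushes agent.conf into.
     realtime="yes" uses inotify on Linux; without it the change is only
     seen on the next scheduled syscheck scan. -->
<syscheck>
  <directories realtime="yes" check_all="yes">/var/ossec/etc/shared</directories>
</syscheck>

<!-- Manager side, rules/local_rules.xml: child of stock rule 550 that fires
     only for the pushed agent.conf. Id and level are constructed for this
     example. Repeat changes to the same file may be reported under other
     stock syscheck rule ids; check the ruleset in use. -->
<group name="local,syscheck,">
  <rule id="100001" level="7">
    <if_sid>550</if_sid>
    <match>/var/ossec/etc/shared/agent.conf</match>
    <description>agent.conf changed on agent, restart to load it</description>
  </rule>
</group>

<!-- Manager side, ossec.conf: define the command once... -->
<command>
  <name>restart-ossec</name>
  <executable>restart-ossec.sh</executable>
  <expect></expect>
</command>

<!-- ...and bind it to the local rule. location=local runs the script on
     the agent that reported the change, not on the manager. -->
<active-response>
  <command>restart-ossec</command>
  <location>local</location>
  <rules_id>100001</rules_id>
</active-response>
```

The restart only happens on agents that have active response enabled, and the manager needs a restart after the rule and active-response changes for them to take effect.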
