Hello dcid, I think that I found a bug.
I am using OSSEC 2.6 on two Linux servers, a server and an agent, both with Debian squeeze. My question or possible bug is with inotify and syscheck. When I change a file that is monitored with realtime (inotify) more than three times, the fourth time it does not work as before. Example: I change the file /root/tst.txt three times and I see the changes with syscheck_control -i ID. The fourth time I don't see any more.

Thank you.
Marcelo
