Hi,
I just tried syscheck to detect a modification in a directory, but
I could not generate any logs. I installed ossec locally (I am not sure
whether I should enable agentless or not). Here is what I am doing:
In the ossec.conf, I disabled the email notification and active response,
included every rule as in the sample ossec.conf, and then added the
configuration for syscheck as follows:
  <alerts>
    <log_alert_level>1</log_alert_level>
    <email_alert_level>8</email_alert_level>
  </alerts>
  <!-- Hugo Syscheck -->
  <syscheck>
    <frequency>10</frequency>
    <directories check_all="yes">/home/hugo/experiment/ioztemp</directories>
    <auto_ignore>no</auto_ignore>
    <alert_new_files>yes</alert_new_files>
  </syscheck>
Then I ran "ossec-control start" to start syscheck. I kept watching ossec.log
in /logs and also the logs in the alerts directory. I added new files to my target
directory and modified the files in that directory, but nothing shows up
there. So I am wondering where I went wrong.
Best,
Hugo
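For readers trying to understand what the `<syscheck>` block above is meant to do, here is a small file-integrity check that mirrors its behaviour: take a baseline of every regular file under a directory (size, mtime, SHA-256, the kind of attributes `check_all="yes"` covers), rescan later, and report new files (what `alert_new_files` enables), modified files and deleted files. This is an added example, not OSSEC code and not from the poster; the temporary directory and its file contents are constructed inside `demo()` so it runs offline.

```python
"""Minimal file-integrity monitor modelled on what OSSEC syscheck does for a
<directories check_all="yes"> entry. Added example, not OSSEC's own code; the
directory and file contents are constructed for the demonstration."""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> dict:
    """Map relative path -> (size, mtime, sha256) for every regular file under root.

    This is the 'baseline' syscheck builds on its first scan and refreshes
    every <frequency> seconds.
    """
    result = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if not p.is_file():          # skip sockets, broken symlinks, etc.
                continue
            st = p.stat()
            result[str(p.relative_to(root))] = (st.st_size, int(st.st_mtime), hash_file(p))
    return result


def diff_snapshots(old: dict, new: dict) -> dict:
    """Compare two snapshots and return the three kinds of syscheck alert.

    A file counts as modified only when its content hash changed; a touch
    that updates mtime without changing bytes is deliberately not reported,
    which keeps the check free of the noise a pure mtime comparison produces.
    """
    added = sorted(set(new) - set(old))
    deleted = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p][2] != new[p][2])
    return {"added": added, "modified": modified, "deleted": deleted}


def demo() -> dict:
    """Constructed scenario: baseline a directory, then add, modify and delete files."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "a.txt").write_text("original")
        (Path(root) / "b.txt").write_text("untouched")
        (Path(root) / "d.txt").write_text("to be removed")
        baseline = snapshot(root)

        (Path(root) / "a.txt").write_text("changed")     # modification
        (Path(root) / "c.txt").write_text("new file")    # new file
        (Path(root) / "d.txt").unlink()                  # deletion
        (Path(root) / "b.txt").touch()                   # mtime only, content same

        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"syscheck-like alert: {kind} {p}")
```

Running the script prints one line per change; `b.txt`, whose content did not change, produces no alert. A real syscheck run differs in that the baseline is persisted between daemon restarts and scans happen on the configured interval, but the compare step is the same idea.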