I am trying to expand my live file monitoring to my apache server and the related www content, and while it will cache the files in /usr/ local/www into /var/ossec/queue/diff it will not cache the httpd/conf dir, what makes this odd is that it correctly enabled realtime monitoring of the directory and reports hash changes but will not cache text config files.
<directories realtime="yes" report_changes="yes" check_all="yes">/usr/ local/httpd/conf,/usr/local/www</directories> Does anyone know if there is any sort of pre-check or requirement before ossec will cache the contents of a file?
