On Wed, Nov 2, 2011 at 10:49 AM, Calum <[email protected]> wrote: > Try these... > > <directories realtime="yes" > check_all="yes">/etc,/usr/bin,/usr/sbin</directories> > <directories realtime="yes" check_all="yes">/bin,/sbin</directories> >
This assumes he's using a linux that supports inotify. > <alert_new_files>yes</alert_new_files> > > > On 2 November 2011 14:24, mikes <[email protected]> wrote: >> Hi all, >> >> i have problem with syscheck file integrity and oracle instance. I want to >> monitoring /oracle/product/10.2.0/db/network/admin directory (or only >> listener.ora). >> >> My config (for this): >> >> <directories >> check_all="yes">/etc,/oracle/product/10.2.0/db/network/admin</directories> >> and only file: >> <directories >> check_all="yes">/oracle/product/10.2.0/db/network/admin/listener.ora</directories> >> >> If i change listener.ora file, ossec doesn't show me information about this. >> >> OSSEC have permissions to this directory (add ossec user to oinstall group). >> >> Any ideas? :) >> >
