On Thu, Dec 8, 2011 at 7:16 AM, Nick Green <n...@attackstack.net> wrote: > If you want I can supply a strace dump of syscheckd and analyisd? > > I'll continue to plod through the code and see what's not matching up ... > > /nick > >
That might help someone figure it out. Dunno. It might also help to find out what commonalities there are among the setups that are not working properly. I checked my OpenBSD manager and found 553 alerts from this week. I have not checked my CentOS 5 or Ubuntu systems yet, but I will today. > > > On Thu, Dec 8, 2011 at 11:33 AM, Nick Green <n...@attackstack.net> wrote: >> >> >> I have not enabled INOTIFY. Real-time is not an requirement for me. >> I have not got any realtime option in my conf >> >> /nick >> >> >> On Wed, Dec 7, 2011 at 10:48 PM, Andreas Piesk <a.pi...@gmx.net> wrote: >>> >>> On 07.12.2011 21:41, Nick Green wrote: >>> > >>> > Is anyone having trouble with getting alerts to fire on deletion of a >>> > file? >>> >>> same problem here but i haven't found a solution yet. it's supposed to be >>> working and for at least >>> one list member (danddp) it does. >>> >>> i'm using RHEL5/Centos5 too, OSSEC w/ INOTIFY. the tests with OSSEC w/o >>> INOTIFY are still on my todo >>> list. do you use INOTIFY too? >>> >>> regards, >>> -ap >> >> >
