The diff has made a difference. However, still with this same issue, I'm noticing that not all files are being reported. For instance, I tested 20 txt files, but only 19 were reported. The 20th file was finally reported on ossec/queue/syscheck/<hostname IP address> ->syscheck when the ossec client was restarted. I got the same results with other file extensions (e.g. gz, tgz, etc.). After a restart, when the client log said: INFO: Connected to the server (IPaddress: 1514), that's when the last entry was reported on the server.
Any ideas?

On Dec 29 2011, 8:21 pm, "dan (ddp)" <[email protected]> wrote:
> Try this diff.
>
> On Thu, Dec 29, 2011 at 10:04 PM, helpmailinglist
> <[email protected]> wrote:
> > Inside the <syscheck> section I have the following:
> > <directories check_all="yes" restrict=".txt">/usr/local/tmp</directories>
> >
> > However, ossec does not report any /usr/local/tmp/*.txt in the file:
> > ossec/queue/syscheck/<hostname IP address> ->syscheck.
> >
> > ossec v2.6 is being used on the server/client side. Other extensions
> > (such as gz) and paths have been tried but with no luck.
> >
> > Has anyone been able to run a similar setup?
>
> create_db.c.diff
