On Wed, Sep 19, 2012 at 6:59 AM, Andreas Lang <[email protected]> wrote:
> Hello,
>
> We have some questions regarding analysing log files with OSSEC referring to
> the log file requirements in PCI-DSS 10.5.5.
>
> PCI DSS 10.5.5.:
> Use file-integrity monitoring or change-detection software on logs to ensure
> that existing log data cannot be changed without generating alerts (although
> new data being added should not cause an alert).
>
> To cover this issue we wanted to enable real-time monitoring on our log file
> directories. Unfortunately we are getting this error:
> Ignoring flag for real time monitoring on directory: '/data/'
>
> Our servers are based on Ubuntu 10.04, 11.04 and 11.10, all x64 systems. We
> are using OSSEC 2.5 for clients and server. I know that for real-time
> monitoring the tool inotify-tools must be installed, but unfortunately this
> didn't resolve the issue.
> Do you have any suggestions how we can make the real-time monitoring of
> growing log files work correctly?
>
> Thank you very much in advance
>
> Regards.
>
> Andreas Lang
Are you sure the inotify stuff was enabled in the build? It sounds like the support didn't get compiled in.
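Independent of whether OSSEC's real-time (inotify) mode is compiled in, the check PCI DSS 10.5.5 asks for can be expressed directly: record the length of a log and a digest of everything up to that length, then alert only if that recorded prefix changes or the file shrinks, while appends pass. The following is an added bash illustration written for this thread, not OSSEC code; the state directory path and the sample log content are constructed for the example.

```bash
#!/usr/bin/env bash
# Append-only integrity check for growing log files (constructed example).
# Baseline = (byte length, SHA-256 of the file up to that length).
# Appends leave the recorded prefix intact -> no alert.
# Edits to existing lines or truncation change the prefix -> alert.

STATE_DIR="${STATE_DIR:-/tmp/logcheck-state}"   # assumed baseline location

# Compute the SHA-256 of the first $2 bytes of file $1.
prefix_digest() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# Record a baseline for the whole current content of the log.
# Note: baselines are keyed by basename, so monitored logs need unique names.
log_baseline() {
    local f="$1" len
    mkdir -p "$STATE_DIR"
    len=$(( $(wc -c < "$f") ))
    printf '%s %s\n' "$len" "$(prefix_digest "$f" "$len")" \
        > "$STATE_DIR/$(basename "$f").base"
}

# Returns 0 when the baselined prefix is unchanged (file may have grown),
# 1 when the file shrank or existing content was modified.
log_check() {
    local f="$1" base len digest curlen curdigest
    base="$STATE_DIR/$(basename "$f").base"
    read -r len digest < "$base"
    curlen=$(( $(wc -c < "$f") ))
    if [ "$curlen" -lt "$len" ]; then
        echo "ALERT: $f truncated ($curlen < $len bytes)"
        return 1
    fi
    curdigest=$(prefix_digest "$f" "$len")
    if [ "$curdigest" != "$digest" ]; then
        echo "ALERT: existing content of $f was modified"
        return 1
    fi
    echo "OK: $f first $len bytes intact (now $curlen bytes)"
    return 0
}
```

Run `log_baseline` once after each check that passes so the baseline grows with the log; a rotation that replaces the file must be re-baselined rather than treated as tampering.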
