Hi, I'm testing Ossec and am a bit confused when it comes to monitoring file creation. I'd like to be alerted when a new file is created on C:\ (e.g. an exe file is added: C:\example.exe) but I can't make it work.
As mentioned in the documentation, I've updated the client configuration file (ossec.conf) as follows:

    <syscheck>
      <alert_new_files>yes</alert_new_files>
      ...
    </syscheck>

I've also added the path to be monitored:

    <directories realtime="yes" check_all="yes">C:\.</directories>

As well as increased the level of rule ID 554 on the server from 0 to 10:

    <rule id="554" level="10">
      <category>ossec</category>
      <decoded_as>syscheck_new_entry</decoded_as>
      <description>File added to the system.</description>
      <group>syscheck,</group>
    </rule>

I've then added the exe file in C:\ but the ossec-alerts log file on the server does not mention it. Any idea what I have missed?

Many thx in advance for your support.