On 26.07.2013 22:13, perezbox wrote:
I saw a discussion on this earlier in the week and meant to respond,
but got sidetracked.

Regardless, this was something I too struggled to grasp; it took a
conversation with Dani to help me better understand it. To better
articulate, and save you all a long email, I put it on my blog:

http://tonyonsecurity.com/2013/07/27/ossec-detecting-new-files-understanding-how-it-works/

Hey Tony, thanks for the write-up. Nice to see you on the list. You guys are doing some good work over at Sucuri.

I wonder if Daniel C realizes that we added IN_CREATE to the source since he implemented real-time, which wasn't there before. This should alert on a new file in a monitored directory in real-time, unless we got it wrong (which is entirely possible). Of course, it will take a while before the real-time monitoring starts before it can happen. Sounds like this needs to be tested.
