On 07/27/2013 07:17 PM, perezbox wrote:
Hey Mike
Yup, we're aware of it. The issue we have had with it is it's just too
noisy.. and its disabled by default.. it also has issues handling
subdirectories... :(
We're still playing though. How are you configuring it on your end to
reduce the noise and handle subdirectories?
I recall Daniel talking about the issue with it being too noisy. Someone
later submitted a patch that added IN_CREATE and in beta it didn't seem
to be an issue, I figured because 554 would not alert by default, but
now that I am testing it with an overwrite rule I am thinking it just
doesn't work. Maybe that's why we're not seeing the chattiness that
Daniel was talking about. I'm guessing you guys aren't running a stock
2.7 release version. Does it actually work for you at all? The only
thing I can think of that might be a bit different in my installation
than most is that my syscheck definition is in agent.conf rather than
ossec.conf.
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
