Hi,
I am finding an issue where no alerts are being reported for new files
created on the client systems. I have enabled syscheck for alert_new_files.
Also, the SMTP configuration in the server's ossec.conf file seems fine, as I
am getting other alerts on checksum changes of a few files.
Tried creating files under /usr/bin and /bin on the client system, but no
alerts. What could be preventing these from being reported? Any help?
*Configuration on OSSEC server (ossec.conf) :*
<ossec_config>
<global>
<email_notification>yes</email_notification>
<smtp_server>smtp.test.com</smtp_server>
<email_to>[email protected]</email_to>
<email_from>[email protected]</email_from>
<email_maxperhour>20</email_maxperhour>
</global>
<syscheck>
<!-- Frequency that syscheck is executed - default to every 22 hours -->
<frequency>1800</frequency>
<!-- Directories to check (perform all possible verifications) -->
<directories report_changes='yes' check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories report_changes='yes' check_all="yes">/bin,/sbin</directories>
<!-- Alert if a new file is created -->
<alert_new_files>yes</alert_new_files>
*Configuration on the client (ossec.conf) :*
<ossec_config>
<client>
<server-ip>192.168.1.100</server-ip>
</client>
<syscheck>
<!-- Frequency that syscheck is executed - default to every 22 hours -->
<frequency>1800</frequency>