Yes, syscheck was completed after the new file was created. I verified the db in /var/ossec/queue/syscheck/ and shows the file created. To verify this again, I manually executed syscheck with `agent_control -r -u 001` on the server; but still no alerts reported.
Does the client require inotify tools to be installed for reporting? I have it installed on the server, but not sure about every clients running agent. Any other dependencies/logs to check? Thanks. > Has syscheck already performed a baseline scan? Has a scan > occurred/finished since the file was created? Does the new file exist > in the syscheck db (/var/ossec/queue/syscheck/SOMETHING)? > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
