On Wed, Aug 14, 2013 at 12:18 PM, vtrack <[email protected]> wrote: > > Yes, syscheck was completed after the new file was created. I verified the > db in /var/ossec/queue/syscheck/ and shows the file created. To verify this > again, I manually executed syscheck with `agent_control -r -u 001` on the > server; but still no alerts reported. >
I forgot to make sure you modified the level of rule 554. > Does the client require inotify tools to be installed for reporting? I have > it installed on the server, but not sure about every clients running agent. > Any other dependencies/logs to check? > inotify is only necessary for realtime tracking. > Thanks. > >> >> Has syscheck already performed a baseline scan? Has a scan >> occurred/finished since the file was created? Does the new file exist >> in the syscheck db (/var/ossec/queue/syscheck/SOMETHING)? >> >> > > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
