Hi, I tried to manually run syscheck on an agent as below; however, the "last started date" is showing as for the previous run. I have enabled active response for both server and agent. What could be causing this? Didn't the syscheck scan run successfully?
Also, I wanted to know the minimum syscheck frequency time I can specify. I have set 600 on the OSSEC server and agent to run a few quick tests. That should run a syscheck scan every 10 mins, correct? I see there are syscheck frequency tags on both the OSSEC server and agent. If the server pushes syscheck to the agent, what is the agent syscheck frequency used for?

    # /var/ossec/bin/agent_control -i 002

    OSSEC HIDS agent_control. Agent information:
       Agent ID: 002
       Agent Name: agent-vm1
       IP address: 192.168.0.10
       Status: Active

       Operating system: Linux agent-vm1 2.6.32-71.e..
       Client version: OSSEC HIDS v2.7
       Last keep alive: Mon Aug 26 04:25:44 2013

       Syscheck last started at: Mon Aug 26 03:58:54 2013
       Rootcheck last started at: Mon Aug 26 03:44:31 2013

    # /var/ossec/bin/agent_control -r -u 002

    OSSEC HIDS agent_control: Restarting Syscheck/Rootcheck on agent: 002

    # /var/ossec/bin/agent_control -i 002

    OSSEC HIDS agent_control. Agent information:
       Agent ID: 002
       Agent Name: agent-vm1
       IP address: 192.168.0.10
       Status: Active

       Operating system: Linux agent-vm1 2.6.32-71.e..
       Client version: OSSEC HIDS v2.7
       Last keep alive: Mon Aug 26 04:25:44 2013

       Syscheck last started at: Mon Aug 26 03:58:54 2013
       Rootcheck last started at: Mon Aug 26 03:44:31 2013

Thanks!
