On Sep 14, 2013 11:16 PM, "frwa onto" <[email protected]> wrote: > > Dear Dan, > Is it fine to monitor to every file from / onwards ? Thank you. >
There are a lot of files on a linux system that change very frequently. > > On Wed, Sep 11, 2013 at 9:34 PM, dan (ddp) <[email protected]> wrote: >> >> On Tue, Sep 10, 2013 at 10:13 PM, frwa onto <[email protected]> wrote: >> > Dear Dan, >> > Hopefully its following the standard file. So can I say that >> > OSSSEC is not similar to AIDE as the later does monitoring on all files in >> > the system that is why initially it builds the checksum database right? >> > Thank you. >> > >> >> Look at the ossec.conf and decide for yourself. >> >> > >> > On Wed, Sep 11, 2013 at 2:59 AM, dan (ddp) <[email protected]> wrote: >> >> >> >> On Tue, Sep 10, 2013 at 2:54 PM, frwa onto <[email protected]> wrote: >> >> > Dear Dan, >> >> > Ok I think you are referring to this right. >> >> > >> >> > <!-- Files to monitor (localfiles) --> . So in my scenario which .conf >> >> > to >> >> > look into the one ossec.conf or ossec-server.conf? >> >> > >> >> >> >> The official file is ossec.conf. If the RPM does something silly with >> >> that, I wouldn't know. I continue to know nothing about the RPM. >> >> >> >> > >> >> > On Wed, Sep 11, 2013 at 2:40 AM, dan (ddp) <[email protected]> wrote: >> >> >> >> >> >> On Tue, Sep 10, 2013 at 2:34 PM, frwa onto <[email protected]> wrote: >> >> >> > Dear Dan, >> >> >> > My question is why the entry list of >> >> >> > /var/ossec/queue/syscheck/syscheck is so little. I am sure the total >> >> >> > files I >> >> >> > have in my system is more then this list am I right? >> >> >> > >> >> >> >> >> >> I don't know. Check the directories you have configured in the >> >> >> ossec.conf (<directories> entries in the <syscheck> section). Those >> >> >> are the directories containing the files listed in that db file. If >> >> >> you want something monitored, the directory must be defined in the >> >> >> ossec.conf. >> >> >> >> >> >> -- >> >> >> >> >> >> --- >> >> >> You received this message because you are subscribed to a topic in the >> >> >> Google Groups "ossec-list" group. >> >> >> To unsubscribe from this topic, visit >> >> >> https://groups.google.com/d/topic/ossec-list/n0-gBzCdh3M/unsubscribe. >> >> >> To unsubscribe from this group and all its topics, send an email to >> >> >> [email protected]. >> >> >> For more options, visit https://groups.google.com/groups/opt_out. >> >> > >> >> > >> >> > -- >> >> > >> >> > --- >> >> > You received this message because you are subscribed to the Google >> >> > Groups >> >> > "ossec-list" group. >> >> > To unsubscribe from this group and stop receiving emails from it, send >> >> > an >> >> > email to [email protected]. >> >> > For more options, visit https://groups.google.com/groups/opt_out. >> >> >> >> -- >> >> >> >> --- >> >> You received this message because you are subscribed to a topic in the >> >> Google Groups "ossec-list" group. >> >> To unsubscribe from this topic, visit >> >> https://groups.google.com/d/topic/ossec-list/n0-gBzCdh3M/unsubscribe. >> >> To unsubscribe from this group and all its topics, send an email to >> >> [email protected]. >> >> For more options, visit https://groups.google.com/groups/opt_out. >> > >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/groups/opt_out. >> >> -- >> >> --- >> You received this message because you are subscribed to a topic in the Google Groups "ossec-list" group. >> To unsubscribe from this topic, visit https://groups.google.com/d/topic/ossec-list/n0-gBzCdh3M/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. > > > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
