This is my config:
<syscheck>
  <!-- Frequency that syscheck is executed - default to every 22 hours -->
  <frequency>300</frequency>
  <!-- Directories to check (perform all possible verifications) -->
  <!-- <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
  <directories check_all="yes">/bin,/sbin</directories> -->
  <directories realtime="yes" check_all="yes">/var/www/html/wordpress</directories>
  <alert_new_files>yes</alert_new_files>
And this is the rule. I wrote the rule in local_rules.xml:
<rule id="554" level="10" overwrite="yes">
  <category>ossec</category>
  <decoded_as>syscheck_new_entry</decoded_as>
  <description>File added to the system.</description>
  <group>syscheck,</group>
</rule>
And then I copied a shell to the WordPress folder. I restarted OSSEC. I
looked in syscheck and saw the MD5 hash of the shell in syscheck.
Then I changed the content of the shell and saved everything, and restarted
ossec-syscheck, but no alert was ever sent to me.
Where did I go wrong?