How to config realtime?? i have added tag realtime in config.... you talk about realtime in kernel or what else
Vào 01:09:15 UTC+7 Thứ tư, ngày 14 tháng năm năm 2014, dan (ddpbsd) đã viết: > > On Tue, May 13, 2014 at 2:04 PM, Nguyễn Văn Hớn > <[email protected]<javascript:>> > wrote: > > Thank for u. The alert have send to me. but it is delay.... very slow > send > > alert. how to optimize speed for intergrity > > > > Make sure realtime actually works. I think the compilation silently > ignores it if the proper bits aren't found. > > > Vào 00:58:17 UTC+7 Thứ tư, ngày 14 tháng năm năm 2014, dan (ddpbsd) đã > viết: > >> > >> On Tue, May 13, 2014 at 1:53 PM, Nguyễn Văn Hớn <[email protected]> > wrote: > >> > That is my config > >> > <syscheck> > >> > <!-- Frequency that syscheck is executed - default to every 22 > hours > >> > --> > >> > <frequency>300</frequency> > >> > > >> > <!-- Directories to check (perform all possible verifications) > --> > >> > <!-- <directories > >> > check_all="yes">/etc,/usr/bin,/usr/sbin</directories> > >> > <directories check_all="yes">/bin,/sbin</directories> --> > >> > <directories realtime="yes" > >> > check_all="yes">/var/www/html/wordpress</directories> > >> > > >> > <alert_new_files>yes</alert_new_files> > >> > > >> > and that is rule. i have write rule in local_rules.xml > >> > > >> > <rule id="554" level="10" overwrite="yes"> > >> > <category>ossec</category> > >> > <decoded_as>syscheck_new_entry</decoded_as> > >> > <description>File added to the system.</description> > >> > <group>syscheck,</group> > >> > </rule> > >> > > >> > > >> > and then. i have copy shell to wordpress folder. i restart ossec. > i > >> > have > >> > read in syscheck. i have saw the code hash md5 off shell in syscheck. > >> > then i change content off shell and save all. restart the > >> > ossech-syscheck. but never alert send to me > >> > > >> > where was i wrong? > >> > > >> > >> Did the file make it into the syscheck db? Did the new hash make it > >> into the syscheck db? > >> > >> > -- > >> > > >> > --- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "ossec-list" group. > >> > To unsubscribe from this group and stop receiving emails from it, > send > >> > an > >> > email to [email protected]. > >> > For more options, visit https://groups.google.com/d/optout. > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
