On Fri, Jun 6, 2014 at 10:28 AM, Abhi <[email protected]> wrote: > Hi, > > I am having some trouble in making the OSSEC's new file alerting to work on > a particular linux machine. We have several other systems where it's working > perfectly fine. The local configuration used on all these is identical. >
Are all of these systems (working and not working) reporting to the same manager? > Is there any way I can test this manually on the machine? Add new files? > The <alert_new_files> tag has been enabled only on the OSSEC server's conf > file. Does it need to be added on all the local agents as well? > The agents which are correctly reporting newly added files do not have this > tag. > No, it should be manager only. Are you sure syscheck has performed a scan since the new file was added? I'm not sure, but I don't think the new file alert works with realtime alerts, only with actual scans. > Please advise. > > Thanks, > > Abhi > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
