On Wed, Aug 6, 2014 at 6:16 AM, Ameya Bhatkal <[email protected]> wrote:
> Hi Everyone,
>
> I have set up OSSEC 2.8 Manager using Security Onion 12.04 LTS. The Ossec
> Client agents have been installed on 6 Windows machines.
>
> I receive alerts for file additions and modifications but not when the
> monitored files are deleted.
>
> I face the following issues:
>
> Issue 1
>
> The Ossec agent has been configured to monitor folders. If a file within the
> folder is deleted, then I do not receive any alert. Moreover, the client
> ossec log does not mention that the file is missing or deleted and there is
> no entry in the alert.log file present in the Ossec Manager.
>
> Issue 2
>
> The Ossec agent has been configured to monitor specific files.  If a file
> has been deleted, the client ossec log has the following entry:
>
> "2014/08/06 15:31:58 ossec-agent: WARN: Error opening directory: 'C:\Delete
> check 2/Delete2.conf/': No such file or directory "
>
> But I do not receive any alert that a file has been deleted. The alert.log
> file present in the Ossec Server does not reflect any such event.
>
> Rule 553 is present in the ossec_rules.xml and has not been tampered with.
>
> Could you kindly help me out with the issue? Any help will be greatly
> appreciated!
>


I think there was an issue with deleted files not being reported if
you weren't using the realtime option.
I also think that was corrected post 2.8.

> Thanks in advance...
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
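
Added example (not part of the original thread and not OSSEC project code): the agent log warning quoted under Issue 2 is what the poster sees when a monitored file is deleted, so a short script can pull those warnings out of a copy of the agent's ossec.log and list the paths that went missing. The function name `missing_paths` and the sample log lines are constructed for illustration; only the WARN line format is taken from the message above.

```python
import re
from datetime import datetime

# Line format copied from the agent log entry quoted in the thread (Issue 2).
MISSING_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) ossec-agent: WARN: "
    r"Error opening directory: '(?P<path>.+?)': No such file or directory$"
)

# Constructed sample log, not captured from a real agent.
SAMPLE_LOG = r"""
2014/08/06 15:31:58 ossec-agent: WARN: Error opening directory: 'C:\Delete check 2/Delete2.conf/': No such file or directory
2014/08/06 15:32:10 ossec-agent: INFO: constructed unrelated line
2014/08/06 21:31:58 ossec-agent: WARN: Error opening directory: 'C:\Delete check 2/Delete2.conf/': No such file or directory
2014/08/06 21:32:01 ossec-agent: WARN: Error opening directory: 'C:\Example/other.conf/': No such file or directory
"""

def missing_paths(lines):
    """Map each monitored path the agent could not open to first/last time and count."""
    found = {}
    for raw in lines:
        # Tolerate surrounding quotes and whitespace, as in the pasted entry.
        line = raw.strip().strip('"').strip()
        m = MISSING_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")
        # The quoted entry has a trailing '/' after the file name; drop it.
        path = m.group("path").rstrip("/\\")
        entry = found.setdefault(path, {"first": ts, "last": ts, "count": 0})
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
        entry["count"] += 1
    return found

if __name__ == "__main__":
    for path, e in sorted(missing_paths(SAMPLE_LOG.splitlines()).items()):
        print(f"{e['last']:%Y-%m-%d %H:%M:%S}  missing x{e['count']}  {path}")
```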
