Hi guys,
I'm testing the FIM of OSSEC.
My server is a CentOS VM and my only client is a Windows 2008 Datacenter.
In the Windows ossec.conf file I added the following lines:

<!-- Syscheck - Integrity Checking config. -->
<syscheck>
  <!-- Default frequency, every 20 hours. It doesn't need to be higher
     - on most systems and once a day should be enough.
    -->
  <frequency>2</frequency>

  <!-- By default it is disabled. In the Install you must choose
     - to enable it.
    -->
  <disabled>no</disabled>

  <!-- Default files to be monitored - system32 only. -->
  <directories check_all="yes" realtime="yes">C:\temp</directories>

  <!-- Windows registry entries to monitor. -->
  <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\batfile</windows_registry>
</syscheck>
On CentOS I'm running tail -f alerts.log to monitor the alerts that are being
generated.
However, I noticed that some files that are changed in C:\temp are not shown,
or take some time to be shown in the log file, while others are shown
practically instantly after a change to the document
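As an added example (not from the original post or the OSSEC project), a small Python parser for the syscheck entries in alerts.log that groups alert times per monitored path, so the moment a file under C:\temp was changed can be compared with when its alert was actually written; the alert text inside is a constructed sample in the alerts.log layout, not real output.

```python
import re

# Constructed sample in the alerts.log layout; host, IP, times and paths are made up.
SAMPLE_ALERTS = """\
** Alert 1400000000.1001: - ossec,syscheck,
2014 May 13 16:53:20 (win2008) 192.168.56.101->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: 'C:\\temp\\report.docx'

** Alert 1400000000.2002: - ossec,syscheck,
2014 May 13 16:53:20 (win2008) 192.168.56.101->syscheck
Rule: 554 (level 5) -> 'File added to the system.'
New file 'C:\\temp\\notes.txt' added to the file system.

** Alert 1400000900.3003: - ossec,syscheck,
2014 May 13 17:08:20 (win2008) 192.168.56.101->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: 'C:\\temp\\report.docx'
"""

HEADER_RE = re.compile(r"^\*\* Alert (\d+)\.\d+: ", re.M)          # epoch seconds
RULE_RE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$", re.M)
PATH_RE = re.compile(r"(?:Integrity checksum changed for: '([^']+)'"
                     r"|New file '([^']+)' added"
                     r"|File '([^']+)' was deleted)")

def parse_alerts(text):
    """One record per recognised syscheck alert; other alert types are skipped."""
    records = []
    for block in text.strip().split("\n\n"):   # alerts are blank-line separated
        head, rule, path = [r.search(block) for r in (HEADER_RE, RULE_RE, PATH_RE)]
        if not (head and rule and path):
            continue
        records.append({"epoch": int(head.group(1)), "rule": int(rule.group(1)),
                        "level": int(rule.group(2)), "description": rule.group(3),
                        "path": next(g for g in path.groups() if g)})
    return records

def group_by_path(records):
    """Map each monitored path to the epoch times of its alerts, in log order."""
    by_path = {}
    for rec in records:
        by_path.setdefault(rec["path"], []).append(rec["epoch"])
    return by_path

def gaps_seconds(epochs):
    """Seconds between consecutive alerts on one path; set against the file's
    change times this separates instant (realtime) alerts from scan-interval ones."""
    ts = sorted(epochs)
    return [b - a for a, b in zip(ts, ts[1:])]
```

Feed it the real alerts.log (for example `parse_alerts(open("/var/ossec/logs/alerts/alerts.log").read())`) and compare each path's alert times with the file's modification times on the Windows host.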