On Thu, Sep 11, 2014 at 12:34 PM, Macaulay Dias Souza
<[email protected]> wrote:
> Dan,
>
> I set this time only for testing; it isn't real.
>
> I returned to the original configuration and am getting alerts on various
> events, as normal.
>
> In relation to archives.log, there has not been any alteration.
>
> It is the first time I have had contact with a tool in this segment, so I have
> difficulty in understanding its functioning.
>

Did you turn on the log all option on the manager? Did you then
restart the OSSEC processes?

>
>
> On Thursday, September 11, 2014 13:05:23 UTC-3, Macaulay Dias
> Souza wrote:
>>
>> Hi guys,
>>
>> I'm testing the FIM of OSSEC.
>>
>> My server is a CentOS VM and my only client is a Windows 2008 Datacenter.
>>
>> In the ossec.conf file on Windows I added the following lines for checking:
>>
>> <!-- Syscheck - Integrity Checking config. -->
>>    <syscheck>
>>
>>      <!-- Default frequency, every 20 hours. It does not need to be higher
>>        - on most systems and one a day should be enough.
>>        -->
>>      <frequency>2</frequency>
>>
>>      <!-- By default it is disabled. In the install you must choose
>>        - to enable it.
>>        -->
>>      <disabled>no</disabled>
>>
>>
>>      <!-- Default files to be monitored - system32 only. -->
>>
>>      <directories check_all="yes" realtime="yes">C:\temp</directories>
>>
>>      <!-- Windows registry entries to display. -->
>>      <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\batfile</windows_registry>
>>
>> On CentOS I'm running the command tail -F alerts.log to monitor the alerts
>> that are being generated.
>>
>> However, I noticed that some files that are changed in C:\temp are not
>> shown, or else take some time to be shown in the log file, and some are shown
>> practically instantly that unless a change in document
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
