http://tonyonsecurity.com/2013/07/27/ossec-detecting-new-files-understanding-how-it-works/

Sent from my iPhone
> On 11/09/2014, at 20:48, "Macaulay Dias Souza" <[email protected]> wrote:
>
> Dan, thanks again. I noticed that this log is not generated in real time because the test file has already been changed more than 3 times, and by default such files are now ignored.
>
> I believe this was my mistake, because whenever I edit a new document it is shown in real time.
>
> On Thursday, 11 September 2014 13:05:23 UTC-3, Macaulay Dias Souza wrote:
>>
>> Hi guys,
>>
>> I'm testing the FIM of OSSEC.
>>
>> My server is a CentOS VM and my only client is a Windows 2008 Datacenter.
>>
>> In the Windows ossec.conf file I added the following lines:
>>
>>   <!-- Syscheck - Integrity Checking config. -->
>>   <syscheck>
>>
>>     <!-- Default frequency, every 20 hours. It does not need to be higher
>>        - On most systems, once a day should be enough.
>>       -->
>>     <frequency>2</frequency>
>>
>>     <!-- By default it is disabled. In the install you must choose
>>        - to enable it.
>>       -->
>>     <disabled>no</disabled>
>>
>>     <!-- Default files to be monitored - system32 only. -->
>>     <directories check_all="yes" realtime="yes">C:\temp</directories>
>>
>>     <!-- Windows registry entries to monitor. -->
>>     <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\batfile</windows_registry>
>>   </syscheck>
>>
>> I'm running tail -f alerts.log on CentOS to monitor the alerts that are being generated.
>>
>> However, I noticed that some files that are changed in C:/temp are not shown, or else take some time to be shown in the log file, while some are shown practically instantly when I make a change to the document.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
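As an added example (not code from the thread or from the OSSEC project), the script below reads syscheck entries from an alerts.log excerpt and reports which files have already produced three checksum-change alerts, the default limit after which OSSEC stops alerting on a file unless auto_ignore is turned off in the syscheck section; this is the behaviour Macaulay describes above. The sample alert text is constructed, and its exact line wording is an assumption about the OSSEC 2.x alerts.log format, so adjust the regex if your server formats it differently.

```python
import re
from collections import Counter

# Constructed alerts.log excerpt for a Windows agent (sample data, not from the
# thread). The line layout is an assumption about OSSEC 2.x output: one
# "Integrity checksum changed ... for: '<path>'" line per reported change.
SAMPLE_ALERTS = """\
** Alert 1410454601.1002: - ossec,syscheck,
2014 Sep 11 13:06:41 (win2008) 10.0.0.5->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: 'C:\\temp/test.txt'

** Alert 1410454655.1003: - ossec,syscheck,
2014 Sep 11 13:07:35 (win2008) 10.0.0.5->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed again (2nd time).'
Integrity checksum changed again (2nd time) for: 'C:\\temp/test.txt'

** Alert 1410454702.1004: - ossec,syscheck,
2014 Sep 11 13:08:22 (win2008) 10.0.0.5->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed again (3rd time).'
Integrity checksum changed again (3rd time) for: 'C:\\temp/test.txt'

** Alert 1410454760.1005: - ossec,syscheck,
2014 Sep 11 13:09:20 (win2008) 10.0.0.5->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: 'C:\\temp/other.txt'
"""

AUTO_IGNORE_LIMIT = 3  # OSSEC default: after 3 reported changes a file goes quiet
CHANGE_RE = re.compile(r"^Integrity checksum changed.* for: '(?P<path>.+)'$", re.M)


def count_changes(alerts_text):
    """Return {path: number of checksum-change alerts} found in the excerpt."""
    return Counter(m.group("path") for m in CHANGE_RE.finditer(alerts_text))


def at_auto_ignore_limit(alerts_text, limit=AUTO_IGNORE_LIMIT):
    """Paths whose change alerts reached the limit: further edits to them will
    produce no alert unless <auto_ignore>no</auto_ignore> is set in <syscheck>."""
    return sorted(p for p, n in count_changes(alerts_text).items() if n >= limit)


if __name__ == "__main__":
    for path, n in count_changes(SAMPLE_ALERTS).items():
        print(f"{path}: {n} change alert(s)")
    print("at auto-ignore limit:", at_auto_ignore_limit(SAMPLE_ALERTS))
```

Run it against a copy of /var/ossec/logs/alerts/alerts.log to see which monitored files have gone silent before assuming real-time detection is broken.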
