I have a question about new file creation and agentless. I have followed more than a few guides and changed the following settings:

*added this to the local xml file*

<rule id="554" level="7" overwrite="yes">
  <category>ossec</category>
  <decoded_as>syscheck_new_entry</decoded_as>
  <description>File added to the system.</description>
  <group>syscheck,</group>
</rule>

*added this to ossec xml file*

<alert_new_files>yes</alert_new_files>

*I view the queue file and see the file show up, but it does not alert. The normal behavior is working, though, if I make a change.*

+++0:644:0:0:d41d8cd98f00b204e9800998ecf8427e:da39a3ee5e6b4b0d3255bfef95601890afd80709 !1416331050 /bin/jimtest40

So the file is being logged in the system, but never creates an alert... Is this possible with agentless? If so, what the heck am I missing??

Thanks,
Jim
