On Tue, Nov 18, 2014 at 12:54 PM, Jim Nofsinger <[email protected]> wrote:
> I have a question about new file creation and agentless. I have followed
> more than a few guides and changed the following setting
>

Did you restart the OSSEC processes after making this change?

> added this to the local xml file
> <rule id="554" level="7" overwrite="yes">
> <category>ossec</category>
> <decoded_as>syscheck_new_entry</decoded_as>
> <description>File added to the system.</description>
> <group>syscheck,</group>
> </rule>
>
>
> added this to ossec xml file
> <alert_new_files>yes</alert_new_files>
>
>
> I view the queue file and see the file show up, but it does not alert. The
> normal behavior is working though if I make a change.
>
> +++0:644:0:0:d41d8cd98f00b204e9800998ecf8427e:da39a3ee5e6b4b0d3255bfef95601890afd80709
> !1416331050 /bin/jimtest40
>
>
> So the file is being logged in the system, but never creates an alert... is
> this possible with agentless? If so, what the heck am I missing??
>
>
>
> Thanks,
>
> Jim
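An added example, not part of the original thread and not OSSEC's own code: a small parser for the syscheck queue entry quoted above, to confirm what was stored for the new file before looking at why no alert fired. The field layout (three marker characters, then size:perm:uid:gid:md5:sha1, then !epoch and the path) is an assumption inferred from that single entry, and the function names are hypothetical.

```python
import hashlib
import re
from datetime import datetime, timezone

# Entry copied from the message above (the mail client wrapped it over two lines).
ENTRY = ("+++0:644:0:0:d41d8cd98f00b204e9800998ecf8427e:"
         "da39a3ee5e6b4b0d3255bfef95601890afd80709 !1416331050 /bin/jimtest40")

# Assumed layout, inferred from that one entry:
#   <3 marker chars><size>:<perm>:<uid>:<gid>:<md5>:<sha1> !<epoch> <path>
ENTRY_RE = re.compile(
    r"^(?P<marker>.{3})(?P<size>\d+):(?P<perm>\d+):(?P<uid>\d+):(?P<gid>\d+):"
    r"(?P<md5>[0-9a-f]{32}):(?P<sha1>[0-9a-f]{40}) !(?P<epoch>\d+) (?P<path>.+)$"
)

# Digests of zero bytes of input, used to recognise an empty file.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA1 = hashlib.sha1(b"").hexdigest()


def parse_entry(line):
    """Split one queue entry into named fields; raise ValueError if it does not fit."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        raise ValueError("not a recognised syscheck queue entry: %r" % line)
    rec = m.groupdict()
    for key in ("size", "uid", "gid", "epoch"):
        rec[key] = int(rec[key])
    # When the entry was recorded, as an ISO 8601 UTC timestamp.
    rec["seen_utc"] = datetime.fromtimestamp(rec["epoch"], tz=timezone.utc).isoformat()
    # True when size and both digests agree that the file has no content.
    rec["empty_file"] = (rec["size"] == 0
                         and rec["md5"] == EMPTY_MD5
                         and rec["sha1"] == EMPTY_SHA1)
    return rec


if __name__ == "__main__":
    for field, value in parse_entry(ENTRY).items():
        print("%-10s %s" % (field, value))
```

For the quoted entry this reports a zero-byte, mode 644, root-owned /bin/jimtest40 recorded at 2014-11-18T17:17:30 UTC, which matches the poster's observation that the file reached the queue.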
