I am running OSSEC 2.8.2 on Ubuntu 12.04 LTS as a server. I have a single test Windows 7 agent attached to it.
Everything so far appears to be working, however I am noticing that it takes about 45 minutes for the server (using agent-control –lc) to notice that the agent on the Win 7 box has stopped. This is true whether I stop the service using the Agent Manager GUI, directly from the Services.msc utility, or even if I completely uninstall the agent and reboot the machine. I can understand there being some delay, but I noticed that it was pretty quick to recognize the agent when it was started. Is there a config parameter that tells the server how often to check the status of the agents? I am okay with it taking that long if it is by design, but I wanted to make sure I am not having other issues. Bryan Carter -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
