appreciate it.

On Thursday, July 9, 2015 at 8:48:24 PM UTC+9, dan (ddpbsd) wrote:
>
> On Jul 9, 2015 5:16 AM, "Chinguun Bayar" <[email protected]> wrote:
> >
> > On Wednesday, July 8, 2015 at 10:02:03 PM UTC+9, dan (ddpbsd) wrote:
> >>
> >> On Jul 8, 2015 5:57 AM, "Chinguun Bayar" <[email protected]> wrote:
> >> >
> >> > Hello guys?
> >> >
> >> > I have configured OSSEC server (running in Ubuntu) and with two agents (1 CentOS, 1 Windows). Almost working well. But I have a few questions.
> >> > 1. When I changed file in Linux age rule triggered alert almost 4 minutes (I've configured frequency 60 both in server and agent). What's wrong with it?
> >>
> >> 60 seconds is too short a time period. OSSEC will run scans periodically, but it won't start a new one until the previous has finished, and the frequency set isn't precise. If you want quicker notifications of modified files, use the inotify support for near realtime alerting.
> >>
> >> > 2. What is the difference between agent and server frequency? How do they work?
> >>
> >> There are a number of configurable frequencies, which do you mean?
> >>
> >> > 3. Where is the log from the agent stored on the server? How do they know a file changed? Where is the previous hash stored??
> >> >
> >
> > Thanks for the response. I mean I can configure frequency both in server and agent. What's the difference between them??
> >
>
> The frequency configured on the agent configures the agent, the frequency on the server (in the ossec.conf) configures the server.
>
> >> Alerts are recorded in /var/ossec/logs/alerts. File hashes are reported from the agent to the manager. Current syscheck data is stored in /var/ossec/queue/syscheck.
> >>
> >> > thanks
> >> >
> >> > --
> >> >
> >> > ---
> >> > You received this message because you are subscribed to the Google Groups "ossec-list" group.
> >> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> >> > For more options, visit https://groups.google.com/d/optout.
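The advice quoted above, shown as an agent-side ossec.conf fragment. This is an added example, not part of the original thread: it puts the 60-second frequency from the question beside a syscheck block that uses realtime (inotify) monitoring. The directory paths and the 21600-second frequency are assumptions chosen for illustration.

```xml
<!-- Added example; paths and the 21600 value are assumptions, not from the thread. -->

<!-- Before: the setup described in the question. A 60-second frequency does not
     produce 60-second alerts: a new scan cannot start until the previous one has
     finished, and the interval itself is not precise. -->
<ossec_config>
  <syscheck>
    <frequency>60</frequency>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
  </syscheck>
</ossec_config>

<!-- After: realtime monitoring for the directories where fast alerting matters,
     with the periodic scan kept as a slower backstop. -->
<ossec_config>
  <syscheck>
    <!-- Periodic full scan every 6 hours (assumed value, in seconds). -->
    <frequency>21600</frequency>

    <!-- realtime="yes" uses inotify on Linux agents. It applies to directories,
         not to individual files. -->
    <directories realtime="yes" check_all="yes">/etc,/usr/bin,/usr/sbin</directories>

    <!-- Directories left on the periodic scan only. -->
    <directories check_all="yes">/bin,/sbin</directories>
  </syscheck>
</ossec_config>
```

Realtime events begin only after the agent's initial full scan has completed; resulting alerts are written on the manager under /var/ossec/logs/alerts.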
