Hi Guys!
I've installed and configured OSSEC to get real time notifications, but
when I modify for instance /etc/passwd or /etc/hosts I don't get a real
time notification.
Scheduled notifications are working; I receive events to my email.
In addition, the documentation says that in ossec.log there should be a line
"Real time file monitoring started.", which I never get.
Please advise.

<global>
  <email_notification>yes</email_notification>
  <email_to>[email protected]</email_to>
  <smtp_server>mx.yandex.net.</smtp_server>
  <email_from>ossecm@myserver</email_from>
</global>

<!-- 550 changed, 553 deleted, 554 added -->
<email_alerts>
  <email_to>[email protected]</email_to>
  <rule_id>550, 553, 554</rule_id>
  <do_not_delay />
</email_alerts>

<!-- Directories to check (perform all possible verifications) -->
<directories realtime="yes" check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<alert_new_files>yes</alert_new_files>
<scan_on_start>no</scan_on_start>
<auto_ignore>no</auto_ignore>