I followed the instructions on how to set up an alert for newly added files, as follows:

<rule id="554" level="10" overwrite="yes">
  <category>ossec</category>
  <decoded_as>syscheck_new_entry</decoded_as>
  <description>File added to the system.</description>
  <group>syscheck,</group>
</rule>

and

<syscheck>
  <frequency>7200</frequency>
  <alert_new_files>yes</alert_new_files>
  <directories check_all="yes">/etc,/bin,/sbin</directories>
</syscheck>

But it never works. I cannot get alerts even after I restart the agent and manager. Could anyone help me with this? Thanks.
