[ossec-list] in solaris - does realtime check work?

Thu, 08 Sep 2016 11:58:11 -0700 

I install ossec in solaris and trying to check some directories so I setup
the following in ossec.conf


    <!-- Directories to check  (perform all possible verifications) changed
made by steve -->
    <directories report_changes="yes" realtime="yes"
check_all="yes">/etc,/usr/bin,/usr/sbin,/usr/sfw/bin</directories>
    <directories report_changes="yes" realtime="yes"
check_all="yes">/bin,/sbin,/usr/ccs/bin</directories>
    <alert_new_files>yes</alert_new_files>

When I started - I get the WARN message - will ossec check for it will be
ignored.

2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory:
'/usr/sbin'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory:
'/usr/sfw/bin'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory:
'/usr/ccs/bin'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time
monitoring on directory: '/etc'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time
monitoring on directory: '/usr/bin'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time
monitoring on directory: '/usr/sbin'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time
monitoring on directory: '/usr/sfw/bin'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time
monitoring on directory: '/bin'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time
monitoring on directory: '/sbin'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time
monitoring on directory: '/usr/ccs/bin'.


Stephen LuShing

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to