I think that realtime monitoring is not supported under Solaris.

eero
On 8.9.2016 at 9:40 PM, "Stephen LuShing" <[email protected]> wrote:
> I installed OSSEC on Solaris and am trying to check some directories, so I
> set up the following in ossec.conf:
>
> <!-- Directories to check (perform all possible verifications)
>      changed made by steve -->
> <directories report_changes="yes" realtime="yes" check_all="yes">/etc,/usr/bin,/usr/sbin,/usr/sfw/bin</directories>
> <directories report_changes="yes" realtime="yes" check_all="yes">/bin,/sbin,/usr/ccs/bin</directories>
> <alert_new_files>yes</alert_new_files>
>
> When I started - I get the WARN message - will ossec check for it will be
> ignored.
>
> 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
> 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
> 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
> 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/sfw/bin'.
> 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
> 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
> 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/ccs/bin'.
> 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/etc'.
> 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/bin'.
> 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/sbin'.
> 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/sfw/bin'.
> 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/bin'.
> 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/sbin'.
> 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/ccs/bin'.
>
> Stephen LuShing
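
Added example, not part of the original thread or of OSSEC itself: a small Python check that reads ossec-syscheckd startup lines in the format quoted above and lists the directories whose realtime flag was reported as ignored. The sample log (including the '/var/tmp' entry) is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the ossec-syscheckd lines quoted above;
# '/var/tmp' is an invented entry that has no realtime warning.
SAMPLE_LOG = """\
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/var/tmp'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/etc'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/bin'.
"""

# timestamp, daemon name, level, message, quoted directory, trailing period
LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} ossec-syscheckd: "
    r"(?P<level>INFO|WARN): (?P<msg>.+?): '(?P<path>[^']*)'\.\s*$"
)
MONITORING = ("INFO", "Monitoring directory")
RT_IGNORED = ("WARN", "Ignoring flag for real time monitoring on directory")


def realtime_coverage(log_text):
    """Return {directory: 'realtime_ignored' | 'no_warning'} in log order."""
    status = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated or malformed line
        key = (m.group("level"), m.group("msg"))
        if key == MONITORING:
            # A fresh "Monitoring directory" line resets the state, so a
            # restart after a configuration change is reflected.
            status[m.group("path")] = "no_warning"
        elif key == RT_IGNORED:
            status[m.group("path")] = "realtime_ignored"
    return status


def realtime_ignored_dirs(log_text):
    """Directories whose realtime flag syscheckd reported as ignored."""
    return [d for d, s in realtime_coverage(log_text).items()
            if s == "realtime_ignored"]


if __name__ == "__main__":
    for directory, state in realtime_coverage(SAMPLE_LOG).items():
        print(f"{state:17} {directory}")
```

A directory listed as `realtime_ignored` still appears in the "Monitoring directory" lines; only the realtime flag was dropped for it.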
