Syscheck uses *inotify* in order to perform the *real time* monitoring, and it is not available in Solaris.
Regards.

On Thursday, September 8, 2016 at 9:34:16 PM UTC+2, Eero Volotinen wrote:
>
> I think that realtime monitoring is not supported under solaris.
>
> eero
>
> On 8.9.2016 at 9.40 PM, "Stephen LuShing" <[email protected]> wrote:
>
>> I installed ossec in solaris and am trying to check some directories, so I
>> set up the following in ossec.conf
>>
>> <!-- Directories to check (perform all possible verifications)
>> changed made by steve -->
>> <directories report_changes="yes" realtime="yes" check_all="yes">/etc,/usr/bin,/usr/sbin,/usr/sfw/bin</directories>
>> <directories report_changes="yes" realtime="yes" check_all="yes">/bin,/sbin,/usr/ccs/bin</directories>
>> <alert_new_files>yes</alert_new_files>
>>
>> When I started, I got the WARN message - will ossec check for it or will it be ignored?
>>
>> 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
>> 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
>> 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
>> 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/sfw/bin'.
>> 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
>> 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
>> 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/ccs/bin'.
>> 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/etc'.
>> 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/bin'.
>> 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/sbin'.
>> 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/sfw/bin'.
>> 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/bin'.
>> 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/sbin'.
>> 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/ccs/bin'.
>>
>> Stephen LuShing
>>
>> --
>> You received this message because you are subscribed to the Google Groups "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
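An added check for agents on platforms without inotify, written for this reply and not taken from the thread or from the OSSEC project: it pulls the "Ignoring flag for real time monitoring" WARN lines out of ossec.log so a deployment fails loudly instead of silently trusting realtime alerts, and strips the ignored realtime="yes" attribute from the posted config fragment so the agent relies on the scheduled scan. The sample log lines and config are constructed to match the thread; 79200 s is OSSEC's documented default syscheck frequency.

```shell
#!/bin/sh
# Added example (not from the thread): helpers for an OSSEC agent on Solaris,
# where syscheck cannot do realtime (no inotify) and logs one WARN per directory.

# Constructed sample of ossec.log lines, mirroring the ones in the thread.
SAMPLE_LOG=$(cat <<'EOF'
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/etc'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/bin'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/bin'.
EOF
)

# Constructed <syscheck> fragment like the one posted in the thread.
SAMPLE_CONF=$(cat <<'EOF'
<syscheck>
  <directories report_changes="yes" realtime="yes" check_all="yes">/etc,/usr/bin</directories>
  <directories report_changes="yes" realtime="yes" check_all="yes">/bin,/sbin</directories>
</syscheck>
EOF
)

# Print one directory per line for every WARN saying the realtime flag was ignored (log on stdin).
realtime_ignored_dirs() {
  sed -n "s/.*WARN: Ignoring flag for real time monitoring on directory: '\([^']*\)'\..*/\1/p"
}

# Non-zero exit if any directory silently fell back to scheduled scans,
# so a deploy script can fail instead of assuming realtime alerts will arrive.
check_realtime() {
  ignored=$(realtime_ignored_dirs)
  [ -z "$ignored" ] && return 0
  printf 'realtime flag ignored (no inotify on this platform) for:\n%s\n' "$ignored" >&2
  return 1
}

# Rewrite the config for agents without inotify: drop realtime="yes" and rely
# on the scheduled scan (syscheck <frequency>, OSSEC default 79200 s).
drop_realtime_flag() {
  sed 's/ realtime="yes"//g'
}

printf '%s\n' "$SAMPLE_LOG" | check_realtime || echo "fix the agent config, e.g.:" >&2
printf '%s\n' "$SAMPLE_CONF" | drop_realtime_flag
```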
