We are using Solaris 11 and Solaris 10 OS. I used the option because the configuration was used in Linux and I figured I would use the same option - if realtime is not supported then I can remove it from the configuration.
On Fri, Sep 9, 2016 at 6:28 AM, dan (ddp) <[email protected]> wrote:
> On Thu, Sep 8, 2016 at 2:40 PM, Stephen LuShing <[email protected]> wrote:
> > I installed OSSEC on Solaris and am trying to check some directories, so I set up
> > the following in ossec.conf
> >
> > <!-- Directories to check (perform all possible verifications) changes
> > made by steve -->
> > <directories report_changes="yes" realtime="yes"
> > check_all="yes">/etc,/usr/bin,/usr/sbin,/usr/sfw/bin</directories>
> > <directories report_changes="yes" realtime="yes"
> > check_all="yes">/bin,/sbin,/usr/ccs/bin</directories>
> > <alert_new_files>yes</alert_new_files>
> >
> > When I started it, I get the WARN message - will OSSEC check for it? It will be
> > ignored.
> >
> > What facility on Solaris would OSSEC use to get realtime information?
> >
> > 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
> > 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
> > 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
> > 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/sfw/bin'.
> > 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
> > 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
> > 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/ccs/bin'.
> > 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/etc'.
> > 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/bin'.
> > 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/sbin'.
> > 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/sfw/bin'.
> > 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/bin'.
> > 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/sbin'.
> > 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/ccs/bin'.
> >
> > Stephen LuShing
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to [email protected].
> > For more options, visit https://groups.google.com/d/optout.
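The practical consequence of the WARN lines above is that every directory marked realtime="yes" is silently downgraded to the periodic syscheck scan, so changes in /etc or /usr/bin are only noticed at the next scheduled run. The script below is an added example (it is not from this thread and not part of the OSSEC project): it parses the `<directories>` entries of an ossec.conf fragment, reads ossec.log lines of the format shown above, and reports which realtime directories actually fell back to scheduled scanning and how long that scan interval is. The configuration and log text are constructed here, modelled on the thread; the 79200-second default for `<frequency>` is OSSEC's documented default, and the log regexes assume the exact message wording the thread shows.

```python
import re
import xml.etree.ElementTree as ET

# OSSEC's documented default syscheck interval when <frequency> is absent.
DEFAULT_FREQUENCY = 79200  # seconds (22 hours)

# Constructed ossec.conf fragment modelled on the thread, plus one directory
# without the realtime flag to show it is left out of the report.
SAMPLE_CONF = """\
<ossec_config>
  <syscheck>
    <frequency>79200</frequency>
    <!-- Directories to check (perform all possible verifications) -->
    <directories report_changes="yes" realtime="yes" check_all="yes">/etc,/usr/bin,/usr/sbin,/usr/sfw/bin</directories>
    <directories report_changes="yes" realtime="yes" check_all="yes">/bin,/sbin,/usr/ccs/bin</directories>
    <directories check_all="yes">/opt/local/etc</directories>
    <alert_new_files>yes</alert_new_files>
  </syscheck>
</ossec_config>
"""

# Constructed ossec.log excerpt reproducing the messages quoted in the thread.
SAMPLE_LOG = """\
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/sfw/bin'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/ccs/bin'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/etc'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/bin'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/sbin'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/sfw/bin'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/bin'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/sbin'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/ccs/bin'.
"""

# Message wording exactly as it appears in the thread's log excerpt.
MONITOR_RE = re.compile(r"ossec-syscheckd: INFO: Monitoring directory: '([^']+)'\.")
IGNORE_RE = re.compile(r"ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '([^']+)'\.")


def realtime_directories(conf_text):
    """Return (frequency_seconds, set of paths configured with realtime="yes").

    ossec.conf may contain several top-level <ossec_config> blocks, so the
    text is wrapped in one synthetic root before parsing (assumes no XML
    declaration at the top, which is the usual OSSEC layout).
    """
    root = ET.fromstring("<root>" + conf_text + "</root>")
    frequency = DEFAULT_FREQUENCY
    wanted = set()
    for syscheck in root.iter("syscheck"):
        freq = syscheck.find("frequency")
        if freq is not None and freq.text and freq.text.strip().isdigit():
            frequency = int(freq.text.strip())
        for entry in syscheck.findall("directories"):
            if entry.get("realtime", "no").strip().lower() != "yes" or not entry.text:
                continue
            # One element may list several comma-separated paths.
            wanted.update(p.strip() for p in entry.text.split(",") if p.strip())
    return frequency, wanted


def parse_syscheck_log(log_text):
    """Return (paths logged as monitored, paths whose realtime flag was ignored)."""
    monitored, ignored = set(), set()
    for line in log_text.splitlines():
        m = IGNORE_RE.search(line)
        if m:
            ignored.add(m.group(1))
            continue
        m = MONITOR_RE.search(line)
        if m:
            monitored.add(m.group(1))
    return monitored, ignored


def realtime_report(conf_text, log_text):
    """Cross-check config against log and classify every realtime path."""
    frequency, wanted = realtime_directories(conf_text)
    monitored, ignored = parse_syscheck_log(log_text)
    return {
        "scan_interval_hours": frequency / 3600,
        # realtime requested but the daemon downgraded it to the scheduled scan
        "scheduled_only": sorted(wanted & ignored),
        # realtime requested, directory monitored, and no warning: realtime is in effect
        "realtime_active": sorted((wanted & monitored) - ignored),
        # configured but never reported as monitored (typo, missing path, ...)
        "not_monitored": sorted(wanted - monitored),
    }


if __name__ == "__main__":
    for key, value in realtime_report(SAMPLE_CONF, SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the thread's own data every realtime directory lands in `scheduled_only` with a 22-hour interval, which is the number to weigh when deciding whether to shorten `<frequency>` on the Solaris hosts until realtime support is sorted out.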
