Does this still apply? 
I have this option enabled: <alert_new_files>yes</alert_new_files> along 
with the realtime=yes.

>From another post on the list:
>In the past new files were not alerted in real time. I'm not sure if 
>this has changed. Any of the developers know? 

Another question: by reading this 
I can see that there are values that can be adjusted, for example host 
information, by default 8. How do I interpret that? The greater the 
number, the more verbose? I just made some modifications under /etc, created 
some files and modified others just to test, but I still have no e-mail. I'm 
only getting an e-mail regarding a service log and nothing else. Which is the 
parameter to tell ossec to send all the issues?

Last question:
2016/10/13 11:10:35 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2016/10/13 11:10:35 ossec-syscheckd: INFO: Starting syscheck database 
2016/10/13 11:10:35 ossec-syscheckd: INFO: Initializing real time file monitoring (not started).

Which service is not started? The doc says the package inotify should be 
installed, and I have it: inotify-tools-3.13-2.el6.art.x86_64

Thank you very much!!

On Thursday, October 13, 2016 at 10:32:16 (UTC-3), dan (ddpbsd) wrote:
> On Thu, Oct 13, 2016 at 9:21 AM, Kernel Panic <netwar...@gmail.com> wrote: 
> > 
> > Hi 
> > Let's see, shouldn't I have to configure on each tag to which directory I 
> > want to apply it? As in check_all, directories, realtime and which 
> > directories, or are they global parameters? That's why I included home and 
> > root on both of them. 
> > 
> Each option applies to the directories configured in it. 
> > <directories check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin</directories> 
> > 
> This checks all of the hashes, owner, and permissions. 
> >  <directories realtime="yes" check_all="yes">/root,/home,/etc</directories> 
> > 
> This does realtime checks of all of the above, and should produce an 
> error because the "/root," "/home," and "/etc" directories are 
> duplicated. 
> Duplication of directories can cause issues, so it's best not to do 
> it. The way to solve this is not to duplicate these directories in the 
> second configuration by not including them in the first. 
> For example: 
> <directories check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin</directories> 
> <directories check_all="yes" realtime="yes">/root,/home,/etc</directories> 
> Now, if you want to add "report_changes" to /etc, you'll have to 
> remove it from the above configuration. You'll end up with: 
> <directories check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin</directories> 
> <directories check_all="yes" realtime="yes">/root,/home</directories> 
> <directories check_all="yes" realtime="yes" report_changes="yes">/etc</directories> 
> > 
> > Thank you very much 
> > Best Regards 
> > 
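
A check for the duplication described in the quoted reply, as an added example that is not part of the original thread or OSSEC's own code: it parses a syscheck configuration and reports every path listed in more than one <directories> entry. The function name is hypothetical and both sample configurations are constructed from the entries quoted above.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the configuration from the thread that lists
# /root, /home and /etc in two <directories> entries.
SAMPLE_DUPLICATED = """
<ossec_config>
  <syscheck>
    <directories check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin</directories>
    <directories realtime="yes" check_all="yes">/root,/home,/etc</directories>
  </syscheck>
</ossec_config>
"""

# Constructed sample: the layout suggested in the reply, one entry per path.
SAMPLE_FIXED = """
<ossec_config>
  <syscheck>
    <directories check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes" realtime="yes">/root,/home</directories>
    <directories check_all="yes" realtime="yes" report_changes="yes">/etc</directories>
  </syscheck>
</ossec_config>
"""


def find_duplicate_directories(conf_text):
    """Return {path: [options of each entry listing it]} for paths listed more than once."""
    # An ossec.conf can hold several <ossec_config> blocks, so wrap the text
    # in a synthetic root (an assumption of this example) to parse it as one document.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    seen = defaultdict(list)
    for entry in root.iter("directories"):
        for raw in (entry.text or "").split(","):
            path = raw.strip()
            if not path:
                continue
            path = path.rstrip("/") or "/"  # treat /etc and /etc/ as the same path
            seen[path].append(dict(entry.attrib))
    return {p: opts for p, opts in seen.items() if len(opts) > 1}


if __name__ == "__main__":
    for name, conf in (("duplicated", SAMPLE_DUPLICATED), ("fixed", SAMPLE_FIXED)):
        dups = find_duplicate_directories(conf)
        print(f"{name}: {len(dups)} duplicated path(s)")
        for path, opts in sorted(dups.items()):
            print(f"  {path}: listed {len(opts)} times with options {opts}")
```

Only exact repeats are reported; a path nested under another monitored path (for example a subdirectory of /etc) is not treated as a duplicate here.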

