Hello all,

Enjoying getting to know OSSEC deeper than when I have used it in the past.
Unfortunately, I have run into an issue with realtime file integrity
checking. This also happens on other machines with the 2.8 Debian package or when
compiling from the latest Wazuh source or ossec-hids source. I have tried on
Ubuntu 16.04 and 14.04.

With rootcheck disabled, realtime detection works instantly and without a 
hitch, but with rootcheck enabled, I get sporadic results... the alert is
delayed or does not occur at all.

I can see from an strace of ossec-syscheckd that rootcheck gets quite busy
checking PIDs...

Is this a known issue? Thank you in advance...

