Hello all, Enjoying getting to know ossec deeper than when I have used in the past. Unfortunately, have run into an issue with realtime file integrity checking. This also happens on other machines with 2.8 debian package or by compiling from latest wazuh source or ossec-hids source. Have tried on ubuntu 16.04 and 14.04.
With rootcheck disabled, realtime detection works instantly and without a hitch, but with rootcheck enabled, I get sporadic results...alert is delayed or does not occur at all. I can see from strace of ossec-syscheckd that rootcheck gets quite busy checking PIDS.... Is this a known issue? Thank you in advance... -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
