Well think I got it...details here:
seems like <auto_ignore> was biting me....also check_pids on rootkit taking
forever to process, so between the two....
Hopefully this all helps someone down the road.
On Tuesday, October 18, 2016 at 8:32:27 PM UTC-4, Liam Curtis wrote:
> Hello all,
> Enjoying getting to know ossec deeper than when I have used in the past.
> Unfortunately, have run into an issue with realtime file integrity
> checking. This also happens on other machines with 2.8 debian package or by
> compiling from latest wazuh source or ossec-hids source. Have tried on
> ubuntu 16.04 and 14.04.
> With rootcheck disabled, realtime detection works instantly and without a
> hitch, but with rootcheck enabled, I get sporadic results...alert is
> delayed or does not occur at all.
> I can see from strace of ossec-syscheckd that rootcheck gets quite busy
> checking PIDS....
> Is this a known issue? Thank you in advance...
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
For more options, visit https://groups.google.com/d/optout.