Well think I got it...details here:


seems like <auto_ignore> was biting me....also check_pids on rootkit taking 
forever to process, so between the two....

Hopefully this all helps someone down the road.

On Tuesday, October 18, 2016 at 8:32:27 PM UTC-4, Liam Curtis wrote:
> Hello all,
> Enjoying getting to know ossec deeper than when I have used it in the past. 
> Unfortunately, have run into an issue with realtime file integrity 
> checking. This also happens on other machines with 2.8 debian package or by 
> compiling from latest wazuh source or ossec-hids source. Have tried on 
> ubuntu 16.04 and 14.04. 
> With rootcheck disabled, realtime detection works instantly and without a 
> hitch, but with rootcheck enabled, I get sporadic results...alert is 
> delayed or does not occur at all.
> I can see from strace of ossec-syscheckd that rootcheck gets quite busy 
> checking PIDS....
> Is this a known issue? Thank you in advance...

