But also... any way to speed up the PID_CHECK? It seems to take a very long
time to finish, during which realtime monitoring does not work.

On Tuesday, October 18, 2016 at 10:22:11 PM UTC-4, Liam Curtis wrote:
>
> Well, I think I got it... details here:
>
> https://github.com/ossec/ossec-hids/issues/973
>
> Seems like <auto_ignore> was biting me... also check_pids on rootkit
> taking forever to process, so between the two...
>
> Hopefully this all helps someone down the road.
>
>
> On Tuesday, October 18, 2016 at 8:32:27 PM UTC-4, Liam Curtis wrote:
>>
>> Hello all,
>>
>> Enjoying getting to know OSSEC deeper than when I have used it in the past.
>> Unfortunately, I have run into an issue with realtime file integrity
>> checking. This also happens on other machines with the 2.8 Debian package or by
>> compiling from the latest wazuh source or ossec-hids source. I have tried on
>> Ubuntu 16.04 and 14.04.
>>
>> With rootcheck disabled, realtime detection works instantly and without a
>> hitch, but with rootcheck enabled, I get sporadic results... the alert is
>> delayed or does not occur at all.
>>
>> I can see from strace of ossec-syscheckd that rootcheck gets quite busy
>> checking PIDs...
>>
>>
>> Is this a known issue? Thank you in advance...
>>
>
