I have a new OSSEC install on a 2012r2 box and have set up on directory I
need to monitor in realtime for any changes or modifications to this one
specific folder. It does not appear to be working so any suggestions on
this would be appreciated. Here is the config from the client side 2012r2
server:
<directories check_all="yes" realtime="yes"
report_changes="yes">C:\LIS_Global_Import</directories>
Once I added this, I restarted the agent then forced the updated on the
server side:
# ./agent_control -r -u 019
I added to files into the directory being monitored and nothing, no alert,
no email, nada..
# ./syscheck_control -i 019
Integrity changes for agent 'xxxxxx (019) - x.x.x.x':
Changes for 2016 Nov 11:
2016 Nov 11 09:55:39,0 - ossec.conf
2016 Nov 11 10:08:58,0 - ossec.conf
2016 Nov 11 10:15:46,2 - ossec.conf
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
