Hi all,
I've been having this weird issue with OSSEC. I set up an agent on one
server, and things seem okay at first.
When I modify a file that is being monitored (/etc/passwd), I have to wait
a significant time for it to trigger an alert (unless I manually run
syscheckd). So I went to /var/ossec/etc/ossec.conf (on the side of the server
being monitored) and modified it as follows:
<syscheck>
<!-- Frequency that syscheck is executed - default to every 22 hours -->
<frequency>30</frequency>
<!-- Directories to check (perform all possible verifications) -->
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories check_all="yes">/bin,/sbin</directories>
</syscheck>
So the frequency is 30 (which I believe is in seconds).
Correct me if I'm wrong, but I thought this would mean the syscheck would
run every 30 seconds, meaning that if I modify a file, it would take a
maximum of 30 seconds for it to trigger an alert, right?
If so, then why is it not triggering? I've been waiting for minutes and
minutes and nothing happens. This has been puzzling me.
Thank you.
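As an added example that is not part of the original post, the following Python script parses the `<syscheck>` section of an ossec.conf like the one quoted above, reports the scan interval in human-readable form (the OSSEC default of 79200 seconds is 22 hours, as the comment in the config notes), and lists which monitored paths are only rechecked on that periodic scan. The sample configuration inside the script is constructed for the example; the `realtime="yes"` attribute on `<directories>` is a real OSSEC option but does not appear in the post.

```python
"""Inspect the <syscheck> section of an OSSEC ossec.conf (example code, not OSSEC's own)."""
import xml.etree.ElementTree as ET

# OSSEC's default syscheck frequency, in seconds (22 hours).
DEFAULT_FREQUENCY = 79200

# Constructed sample modelled on the snippet in the post; the second
# <ossec_config> block with realtime="yes" is an assumption added here.
SAMPLE_CONF = """
<ossec_config>
  <syscheck>
    <!-- Frequency that syscheck is executed - default to every 22 hours -->
    <frequency>30</frequency>
    <!-- Directories to check (perform all possible verifications) -->
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin</directories>
  </syscheck>
</ossec_config>
<ossec_config>
  <syscheck>
    <directories check_all="yes" realtime="yes">/var/www</directories>
  </syscheck>
</ossec_config>
"""


def parse_syscheck(conf_text):
    """Return the effective frequency and the list of monitored paths."""
    # ossec.conf may contain several top-level <ossec_config> elements,
    # which is not well-formed XML, so wrap it in a synthetic root first.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    frequency = DEFAULT_FREQUENCY
    directories = []
    for sc in root.iter("syscheck"):
        freq = sc.find("frequency")
        if freq is not None and freq.text and freq.text.strip():
            frequency = int(freq.text.strip())  # value is in seconds
        for d in sc.findall("directories"):
            # One <directories> element may hold a comma-separated list.
            for path in (d.text or "").split(","):
                path = path.strip()
                if path:
                    directories.append({
                        "path": path,
                        "check_all": d.get("check_all", "no") == "yes",
                        "realtime": d.get("realtime", "no") == "yes",
                    })
    return {"frequency": frequency, "directories": directories}


def human_interval(seconds):
    """Render a number of seconds as the largest whole unit that fits."""
    for unit, size in (("day", 86400), ("hour", 3600), ("minute", 60)):
        if seconds >= size and seconds % size == 0:
            n = seconds // size
            return f"{n} {unit}{'s' if n != 1 else ''}"
    return f"{seconds} second{'s' if seconds != 1 else ''}"


def scheduled_only(parsed):
    """Paths that are rechecked only on the periodic scan (no realtime watch)."""
    return [d["path"] for d in parsed["directories"] if not d["realtime"]]


if __name__ == "__main__":
    conf = parse_syscheck(SAMPLE_CONF)
    print("syscheck frequency:", human_interval(conf["frequency"]))
    for d in conf["directories"]:
        mode = "realtime" if d["realtime"] else "scheduled scan only"
        print(f"  {d['path']:<12} check_all={d['check_all']}  {mode}")
    print("rechecked only every", human_interval(conf["frequency"]) + ":",
          ", ".join(scheduled_only(conf)))
```

Point the script at a real file with `parse_syscheck(open("/var/ossec/etc/ossec.conf").read())`. The practical caveat it makes visible is that a path without a realtime watch is only revisited when the next full scan reaches it, and a full pass over trees the size of /etc, /usr/bin and /usr/sbin can itself take longer than a short interval, so a small `<frequency>` value does not by itself bound the time to an alert.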