On Wed, Sep 27, 2017 at 5:25 PM, Leroy Tennison <leroy.tenni...@gmail.com> wrote: > I should have said that this was a new install, the start of the agent was > as a result of completing the installation. >
So they weren't already in the syscheck db? If they were not in the db already, they're new files. > On Wednesday, September 27, 2017 at 8:04:28 AM UTC-5, dan (ddpbsd) wrote: >> >> On Fri, Sep 22, 2017 at 12:11 PM, Leroy Tennison >> <leroy.t...@gmail.com> wrote: >> > Couldn't find anything about this is the archives, I started the agent >> > and >> > about 10 minutes later got an email with about 100 files listed as being >> > new. The first 20 were in /usr/share/i18n/locales and I looked at about >> > the >> > first 10. Using stat to display the access/modify/change time stamps >> > for >> > all files in the directory and sorting the list, as best as I can tell, >> > all >> > files in the directory (338 total) were accessed after starting the >> > agent >> > but only 20 surfaced as being new files. Scanning through the list, it >> > appears that all change dates are 8/14/17 and all modification dates are >> > 6/16/17 (I individually checked some of those reported as new files). >> > >> >> There have been reports of syscheck missing files on a scan, perhaps >> those were missed previously? >> >> > Any ideas? Anything i need to post? Thanks for the help. >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to ossec-list+...@googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
