On Fri, Dec 29, 2017 at 5:04 AM, <[email protected]> wrote:
> Hello everyone,
> I have some questions for you...
>
> 1. When a real time event occurred, syscheck was restarted. Why?
>
> For example. After I had edited /test/file.txt, syscheck was restarted. I just
> want OSSEC to send me an alert about the real time event, but not restart
> syscheck. Because the syscheck process will take some time. Can anyone help me
> solve this problem?
>
I don't understand. The ossec-syscheckd process exits and then starts
again? Are there any logs in the ossec.log? Or maybe a segfault log in
/var/log/messages or something?

> 2. What is the operating principle of real-time in OSSEC?
>
> I'm sorry because my English is not fluent.
> Thank you very much.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
