Hi,
Why wonder if this is the expected behaviour for syscheck
I tried having 2 differents frequencies so I tested by adding 2 entries
of <syscheck> on the ossec.conf, one having a 5 minutes frequency and other
2 minutes.
<syscheck>
<disabled>no</disabled>
<frequency>300</frequency>
<directories check_all="yes">E:/syscheck1</directories>
</syscheck>
<syscheck>
<disabled>no</disabled>
<frequency>120</frequency>
<directories check_all="yes">E:/syscheck2</directories>
</syscheck>
What happen was this:
- Either where recognized by the agent
2018/02/21 18:49:30 ossec-agent: INFO: Monitoring directory:
'E:/syscheck1', with options perm | size | owner | group | md5sum | sha1sum
| mtime | inode.
2018/02/21 18:49:30 ossec-agent: INFO: Monitoring directory:
'E:/syscheck2', with options perm | size | owner | group | md5sum | sha1sum
| mtime | inode.
- The scan frequency anounced on the log was the second one
2018/02/21 18:50:00 ossec-agent: INFO: Syscheck scan frequency: 120 seconds
- But the frequency adopted was the first one (5 minutes)
2018/02/21 18:51:00 ossec-agent: INFO: Starting syscheck scan.
2018/02/21 18:51:31 ossec-agent: INFO: Ending syscheck scan.
2018/02/21 18:56:31 ossec-agent: INFO: Starting syscheck scan.
2018/02/21 18:57:15 ossec-agent: INFO: Ending syscheck scan.
2018/02/21 19:02:15 ossec-agent: INFO: Starting syscheck scan.
2018/02/21 19:02:57 ossec-agent: INFO: Ending syscheck scan.
- The agent reported correctly file changes in both folders
Thanks
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
