On Wed, Feb 21, 2018 at 2:18 PM, Jorge Martins <[email protected]> wrote:
> Hi,
>
> I wonder if this is the expected behaviour for syscheck
>
> I tried having 2 different frequencies so I tested by adding 2 entries of
> <syscheck> on the ossec.conf, one having a 5 minutes frequency and other 2
> minutes.
>
> <syscheck>
> <disabled>no</disabled>
> <frequency>300</frequency>
>
> <directories check_all="yes">E:/syscheck1</directories>
> </syscheck>
>
> <syscheck>
> <disabled>no</disabled>
> <frequency>120</frequency>
>
> <directories check_all="yes">E:/syscheck2</directories>
> </syscheck>
>
> What happened was this:
>
> Either were recognized by the agent
>
> 2018/02/21 18:49:30 ossec-agent: INFO: Monitoring directory: 'E:/syscheck1',
> with options perm | size | owner | group | md5sum | sha1sum | mtime | inode.
> 2018/02/21 18:49:30 ossec-agent: INFO: Monitoring directory: 'E:/syscheck2',
> with options perm | size | owner | group | md5sum | sha1sum | mtime | inode.
>
> The scan frequency announced on the log was the second one
>
> 2018/02/21 18:50:00 ossec-agent: INFO: Syscheck scan frequency: 120 seconds
>
> But the frequency adopted was the first one (5 minutes)
>
> 2018/02/21 18:51:00 ossec-agent: INFO: Starting syscheck scan.
> 2018/02/21 18:51:31 ossec-agent: INFO: Ending syscheck scan.
> 2018/02/21 18:56:31 ossec-agent: INFO: Starting syscheck scan.
> 2018/02/21 18:57:15 ossec-agent: INFO: Ending syscheck scan.
> 2018/02/21 19:02:15 ossec-agent: INFO: Starting syscheck scan.
> 2018/02/21 19:02:57 ossec-agent: INFO: Ending syscheck scan.
>
> The agent reported correctly file changes in both folders
>

Sounds like a bug in handling a bad configuration.

> Thanks
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
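
Added example (not part of the thread and not OSSEC project code): a small log audit that compares the announced "Syscheck scan frequency" with the gaps actually observed between scans, run over the log lines quoted above. The function name, the tolerance parameter and the assumption that the interval is counted from the end of one scan to the start of the next are choices made for this example.

```python
import re
from datetime import datetime

# Log lines copied from the agent log quoted in the message above.
SAMPLE_LOG = """\
2018/02/21 18:50:00 ossec-agent: INFO: Syscheck scan frequency: 120 seconds
2018/02/21 18:51:00 ossec-agent: INFO: Starting syscheck scan.
2018/02/21 18:51:31 ossec-agent: INFO: Ending syscheck scan.
2018/02/21 18:56:31 ossec-agent: INFO: Starting syscheck scan.
2018/02/21 18:57:15 ossec-agent: INFO: Ending syscheck scan.
2018/02/21 19:02:15 ossec-agent: INFO: Starting syscheck scan.
2018/02/21 19:02:57 ossec-agent: INFO: Ending syscheck scan.
"""

LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \S+: INFO: (.*)$")
FREQ = re.compile(r"Syscheck scan frequency: (\d+) seconds")

def audit_scan_intervals(log_text, tolerance=5):
    """Return (announced_seconds, observed_gaps, mismatch).

    observed_gaps holds the seconds between each 'Ending syscheck scan' and
    the next 'Starting syscheck scan'. Assumption for this example: the
    interval runs from scan end to next scan start, which is what the
    timestamps in the thread show. tolerance is a hypothetical slack in
    seconds for timer jitter.
    """
    announced, last_end, gaps = None, None, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines or unrelated output
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        f = FREQ.search(m.group(2))
        if f:
            announced = int(f.group(1))
        elif m.group(2).startswith("Ending syscheck scan"):
            last_end = ts
        elif m.group(2).startswith("Starting syscheck scan") and last_end:
            gaps.append(int((ts - last_end).total_seconds()))
            last_end = None  # wait for the next scan to end
    mismatch = announced is not None and any(abs(g - announced) > tolerance for g in gaps)
    return announced, gaps, mismatch

if __name__ == "__main__":
    print(audit_scan_intervals(SAMPLE_LOG))
```

A mismatch here means the log line cannot be trusted as evidence of the monitoring interval; checking ossec.conf for more than one <syscheck> block with different <frequency> values is the next step.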
