Hi all,
I have a perhaps stupid OSSEC beginner's question.
My syscheck configuration is:
<syscheck>
  <frequency>3600</frequency>
  <scan_on_start>yes</scan_on_start>
  <skip_nfs>yes</skip_nfs>
  <alert_new_files>yes</alert_new_files>
  <auto_ignore>no</auto_ignore>
  <directories realtime="no" check_all="yes" report_changes="yes">/boot</directories>
  <directories realtime="no" check_all="yes" report_changes="yes">/etc</directories>
  <directories realtime="no" check_all="yes" report_changes="yes">/usr/local/etc</directories>
  <directories realtime="no" check_all="yes">/bin</directories>
  <directories realtime="no" check_all="yes">/usr/bin</directories>
  <directories realtime="no" check_all="yes">/sbin</directories>
  <directories realtime="no" check_all="yes">/usr/sbin</directories>
  <directories realtime="no" check_all="yes">/lib,/lib64,/usr/lib,/usr/lib64</directories>
  <directories realtime="no" check_all="yes">/usr/local/bin</directories>
  <directories realtime="no" check_all="yes">/usr/local/sbin</directories>
  <directories realtime="no" check_all="yes">/usr/local/lib</directories>
  <directories realtime="no" check_all="yes">/usr/local/lib64</directories>
  <directories realtime="no" check_all="yes">/opt</directories>
</syscheck>
The frequency should be 1 hour, but when I look at the log file I see a
frequency of 1 hour plus five minutes:
2019/01/25 01:19:45 ossec-syscheckd: INFO: Starting syscheck scan.
2019/01/25 01:20:06 ossec-syscheckd: INFO: Ending syscheck scan.
2019/01/25 02:25:06 ossec-syscheckd: INFO: Starting syscheck scan.
2019/01/25 02:25:27 ossec-syscheckd: INFO: Ending syscheck scan.
2019/01/25 03:30:27 ossec-syscheckd: INFO: Starting syscheck scan.
2019/01/25 03:30:49 ossec-syscheckd: INFO: Ending syscheck scan.
2019/01/25 04:35:49 ossec-syscheckd: INFO: Starting syscheck scan.
2019/01/25 04:36:10 ossec-syscheckd: INFO: Ending syscheck scan.
2019/01/25 05:41:10 ossec-syscheckd: INFO: Starting syscheck scan.
2019/01/25 05:41:32 ossec-syscheckd: INFO: Ending syscheck scan.
No matter which frequency value I use, it is always plus five minutes.
Enabling/disabling realtime monitoring has no effect.
Am I missing some settings? Are these 5 minutes intentional?
Thanks for your help,
Oliver
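
An added example, not part of the original message and not OSSEC code: a short Python script that measures the scan cadence from the syscheck log lines quoted above, separating the idle time between scans (end of one scan to start of the next) from the start-to-start period. The function names are made up for this illustration; the log lines are the ones from the message.

```python
import re
from datetime import datetime

# The ten syscheck log lines quoted in the message above.
SAMPLE_LOG = """\
2019/01/25 01:19:45 ossec-syscheckd: INFO: Starting syscheck scan.
2019/01/25 01:20:06 ossec-syscheckd: INFO: Ending syscheck scan.
2019/01/25 02:25:06 ossec-syscheckd: INFO: Starting syscheck scan.
2019/01/25 02:25:27 ossec-syscheckd: INFO: Ending syscheck scan.
2019/01/25 03:30:27 ossec-syscheckd: INFO: Starting syscheck scan.
2019/01/25 03:30:49 ossec-syscheckd: INFO: Ending syscheck scan.
2019/01/25 04:35:49 ossec-syscheckd: INFO: Starting syscheck scan.
2019/01/25 04:36:10 ossec-syscheckd: INFO: Ending syscheck scan.
2019/01/25 05:41:10 ossec-syscheckd: INFO: Starting syscheck scan.
2019/01/25 05:41:32 ossec-syscheckd: INFO: Ending syscheck scan.
"""

LINE_RE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) ossec-syscheckd: "
                     r"INFO: (Starting|Ending) syscheck scan\.$")

def parse_events(text):
    """Return [(timestamp, 'Starting'|'Ending')] for syscheck scan lines only."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"), m.group(2)))
    return events

def scan_gaps(events):
    """Return (idle_seconds, start_to_start_seconds) per consecutive scan pair."""
    gaps, prev_start, prev_end = [], None, None
    for ts, kind in events:
        if kind == "Ending":
            prev_end = ts
            continue
        # A start with no recorded end before it (restart, truncated log) is skipped.
        if prev_start is not None and prev_end is not None:
            gaps.append((int((ts - prev_end).total_seconds()),
                         int((ts - prev_start).total_seconds())))
        prev_start, prev_end = ts, None
    return gaps

def drift(gaps, frequency):
    """Idle time minus the configured <frequency>, in seconds, per gap."""
    return [idle - frequency for idle, _ in gaps]

if __name__ == "__main__":
    for idle, period in scan_gaps(parse_events(SAMPLE_LOG)):
        print(f"idle={idle}s start-to-start={period}s idle-minus-frequency={idle - 3600:+d}s")
```

On the quoted lines every idle gap is exactly 3900 seconds, so the extra 300 seconds are counted from the end of one scan to the start of the next, and the start-to-start period additionally includes the scan's own run time.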