Hi Yousif,
as Dan said, the minimum is around 300 seconds. Do not set a lower value.
It is possible to improve the syscheck performance by changing these options in
*local_internal_options.conf*:
syscheck.sleep=2 // change to 1 or 0
syscheck.sleep_after=15 // change for a greater value
By
On Mon, Nov 21, 2016 at 7:34 AM, Yousif Johny wrote:
> Hi all,
>
> I've been having this weird issue with OSSEC. I set up an agent in one
> server, and things seem okay at first.
>
> When I modify a file that is being monitored (/etc/passwd) I'd have to wait
> a significant
Hi all,
I've been having this weird issue with OSSEC. I set up an agent in one
server, and things seem okay at first.
When I modify a file that is being monitored (/etc/passwd) I'd have to wait
a significant time for it to trigger an alert (unless I manually run the
syscheckd). So I went to