subject:"\[ossec\-list\] Agent Syscheck Frequency Issue"

Re: [ossec-list] Agent Syscheck Frequency Issue

2016-11-21 Thread Jesus Linares

Hi Yousif, as Dan said, the minimum is around 300 seconds. Do not set a lower value. It is possible to improve the syscheck performance, changing this option in* local_internal_options.conf*: syscheck.sleep=2 // change to 1 or 0 syscheck.sleep_after=15 // change for a greater value By

Re: [ossec-list] Agent Syscheck Frequency Issue

2016-11-21 Thread dan (ddp)

On Mon, Nov 21, 2016 at 7:34 AM, Yousif Johny wrote: > Hi all, > > I've been having this weird issue with OSSEC. I setup an agent in one > server, and things seem okay at first. > > When I modify a file that is being monitored (/etc/passwd) I'd have to wait > a significant

[ossec-list] Agent Syscheck Frequency Issue

2016-11-21 Thread Yousif Johny

Hi all, I've been having this weird issue with OSSEC. I setup an agent in one server, and things seem okay at first. When I modify a file that is being monitored (/etc/passwd) I'd have to wait a significant time for it to trigger an alert (unless I manually run the syscheckd). So I went to