[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Ossec-list] Syscheck doesn't seem to work ?
- Subject: [Ossec-list] Syscheck doesn't seem to work ?
- From: daniel.cid at gmail.com (Daniel Cid)
- Date: Thu, 6 Apr 2006 12:05:44 -0300
Hi Fred,
Wait a little bit for the syscheck messages. Syscheck by default is
executed every 2 hours, with the minimum value being 1 hour
(3600 seconds). Scaning all your files every 60 seconds is not
a very good idea (it will kill your system performance). I could
probably lower this requirement to be any value, but I don't
think it is a good idea.
Some information about syscheck:
http://www.ossec.net/en/manual.html#syscheck_options
Thanks,
--
Daniel B. Cid
dcid @ ( at ) ossec.net
http://www.ossec.net
On 4/6/06, Fred <fcr-mailings at nerim.net> wrote:
> Hello,
>
> Well, I installed one agent and one server for tests.
>
> Problem is that system integrity doesn't seem to work:
>
> 1) on agent, I use:
> - frequency=60
> - directories=/etc/hosts (tried with /etc too)
> 2) I modify /etc/hosts, wait 2 minutes, then modify again
> /etc/hosts, wait 2 minutes again
> 3) I don't have any reporting emails...?
>
> I'm sure email reporting works: if I run "tcpdump" on agent machine, server
> sends an alert email.
>
> Some informations:
>
> - I run OSSEC HIDS 0.6p1
> - Syscheckd is not "on" on server. Should I ? Only agent is
> interesting me.
>
> Thanks for your help.
>
> Fred
>
> _______________________________________________
> ossec-list mailing list
> ossec-list at ossec.net
> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.