[ossec-list] alert_new_files
- To: ossec-list@xxxxxxxxxxxxxxxx
- Subject: [ossec-list] alert_new_files
- From: "Serge Dubrouski" <sergeyfd@xxxxxxxxx>
- Date: Thu, 24 May 2007 20:29:55 -0600
Hello -
I might be mistaken, but it looks like there is a bug in handling the
"alert_new_files" config option. Per the documentation, that option has to
be used in the <syscheck> part of the ossec.conf file. But per the source code in
syscheck-config.c, that option isn't processed there:
    else if(strcmp(node[i]->element,xml_alert_new_files) == 0)
    {
        /* alert_new_files option is not read here. */
    }
though there is code to read and process it in global_config.c:
    else if(strcmp(node[i]->element,xml_alert_new_files) == 0)
    {
        if(strcmp(node[i]->content, "yes") == 0)
        {
            Config->syscheck_alert_new = 1;
        }
        else if(strcmp(node[i]->content, "no") == 0)
        {
            Config->syscheck_alert_new = 0;
        }
Now when I set this option in <syscheck>, it's ignored by ossec and I
receive no alarms on new files. If I try to set this option in the
<global> section, then ossec complains about an error in the configuration:
    2007/05/24 20:29:48 ossec-maild(1230): Invalid element in the configuration: 'alert_new_files'.
    2007/05/24 20:29:48 ossec-maild(1202): Configuration error at '/var/ossec/etc/ossec.conf'. Exiting.
    2007/05/24 20:29:48 ossec-maild(1202): Configuration error at '/var/ossec/etc/ossec.conf'. Exiting.
    ossec-maild: Configuration error. Exiting
So where is the real problem?
Thanks.
Serge Dubrouski.
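
Added example, not part of the original message and not OSSEC code: a small audit that reports every place alert_new_files appears in an ossec.conf, so the placement and value can be compared against the behaviour described above. The function name and the sample configuration are constructed for illustration, and the file is assumed to be well-formed XML.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (not taken from the post).
SAMPLE_CONF = """
<ossec_config>
  <global>
    <alert_new_files>yes</alert_new_files>
  </global>
  <syscheck>
    <frequency>7200</frequency>
    <alert_new_files>Yes</alert_new_files>
  </syscheck>
</ossec_config>
<ossec_config>
  <syscheck>
    <alert_new_files>yes</alert_new_files>
  </syscheck>
</ossec_config>
"""

def audit_option(conf_text, option="alert_new_files"):
    """Return one (section, value, notes) tuple per occurrence of `option`."""
    # ossec.conf may hold several <ossec_config> blocks, so wrap them in a
    # synthetic root before parsing.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    findings = []
    for block in root.findall("ossec_config"):
        for section in block:
            for elem in section.findall(option):
                value = (elem.text or "").strip()
                notes = []
                # The quoted global_config.c code uses strcmp(), so only the
                # exact lowercase strings "yes" and "no" are matched.
                if value not in ("yes", "no"):
                    notes.append("value is not exactly 'yes' or 'no'")
                # The log in the post shows ossec-maild rejecting it here.
                if section.tag == "global":
                    notes.append("in <global>: ossec-maild logged 'Invalid element'")
                elif section.tag != "syscheck":
                    notes.append("outside <syscheck>, where the documentation puts it")
                findings.append((section.tag, value, notes))
    return findings

if __name__ == "__main__":
    for section, value, notes in audit_option(SAMPLE_CONF):
        print(f"<{section}> {value!r}: {'; '.join(notes) or 'no findings'}")
```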
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.