[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: alert_new_files problem

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: alert_new_files problem
From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
Date: Wed, 10 Oct 2007 19:38:30 -0300
Authentication-results: mx.google.com; spf=pass (google.com: domain of daniel.cid@xxxxxxxxx designates 64.233.184.232 as permitted sender) smtp.mail=daniel.cid@xxxxxxxxx; dkim=pass (test mode) header.i=@xxxxxxxxx
Cc: jpktan@xxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=YZZH4CpYsrJ78sjoENl/1ngQ1IDqmvmXh8LDErCa5Uw=; b=co1JjfPwq9pa6G0Zl2HRKyhgMtXT7xL+RCRDbxnlSMNqk/bgwiJDO3OGeSwRHbyYyAaGDc9EGeW/0kfsmnU1d1x+RMkUd0hHZsoVkN/kUNGkSd1jzl3J4DyBVZXn3tI3eQnmwK4QrAzp0OG9MpoyBTqCOtXpGe6K0M3eBQ2rwiw=

Hi John,

You need to add this configuration to the ossec server, not the agent
(same to the auto_ignore option).

*Also, the alert will only come by the next time syscheck runs (which
is by default every
12 hours).

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 10/9/07, PKTan <jpktan@xxxxxxxxxxxx> wrote:
>
>
>
> Hi,
>       I  am evaluating the OSSEC software, tried configure the alert_new_files option in the syscheck configuration , but it didn't work.
>       I created a "c:\test" folder with 2 files. Added the following to the window  oseec agent ossec.conf
>
>       syscheck>
> <frequency>60</frequency>
>   <directories check_all="yes">C:\test</directories>
>   <alert_new_files>yes</alert_new_files>
>   <auto_ignore>no</auto_ignore>
>
>     ...
>     ...
>     ...
>     ...
>   </syscheck>
>
> after restarting the agent , I added  files into the c"\test directory, but OSSEC-SERVER didn't receive any new file alert.
>
> Anyone can advise what go wrong ?
>
> Do I need to make any chance to the server ossec.conf file ?
>
> your prompt reply is greatly appreciated.
>
> Thank you in advance.
>
>
> Regards
> John
>
>
>
> <
>        ________________________________

>   Real people. Real questions. Real answers. Share what you know.

References:
- [ossec-list] alert_new_files problem
  - From: PKTan

Prev by Date: [ossec-list] Re: Syslog-NG with OSSEC Questions!
Next by Date: [ossec-list] Re: AIX 5.3 sshd logins and sudo
Previous by thread: [ossec-list] alert_new_files problem
Next by thread: [ossec-list] clear Ossec alert log
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.