I have been testing the realtime directive and am finding that only files in the listed directory are seen right away. Files in subfolders do not appear to be affected. For realtime to work, do you need to list each directory separately? I also have the check_all="yes".
In my config, I have

<directory check_all="yes" realtime="yes">/test</directory>

The file /test/file1.txt is properly detected when it is changed. The file /test/subfolder/file2.txt is not. It appears as though the realtime directive isn't recursive. Is this correct or am I doing something wrong? This is a fresh install of OSSEC 2.1.1 on CentOS 5.3 32-bit.

Thank you.

Kirk Frankovich
Systems Administrator
Fort Dearborn Company
