[ossec-list] Included temp dir on client for testing but get no response

Tue, 11 May 2010 14:16:23 -0700 

yet when I modify the win.ini I get the response  here is the line I included 
am I missing something else. Thank You 
 
<rootcheck>
    <windows_audit>./shared/win_audit_rcl.txt</windows_audit>
    <windows_apps>./shared/win_applications_rcl.txt</windows_apps>
    <windows_malware>./shared/win_malware_rcl.txt</windows_malware>
  </rootcheck>  
 

   <!-- Syscheck - Integrity Checking config. -->
  <syscheck>
  
    <!-- Default frequency, every 20 hours. It doesn't need to be higher
      -  on most systems and one a day should be enough.
      -->
    <frequency>720</frequency>    
    <alert_new_files>yes</alert_new_files>
    <auto_ignore>no</auto_ignore> 
 
    <!-- By default it is disabled. In the Install you must choose
      -  to enable it.
      -->
    <disabled>no</disabled>  
 

    <!-- Default files to be monitored - system32 only. -->
    <directories check_all="yes">%WINDIR%/win.ini</directories>
    <directories check_all="yes">%WINDIR%/system.ini</directories>
    <directories check_all="yes">C:\autoexec.bat</directories>
    <directories check_all="yes">C:\config.sys</directories>
    <directories check_all="yes">C:\boot.ini</directories>
    <directories check_all="yes">%WINDIR%/System32/CONFIG.NT</directories>
    <directories check_all="yes">%WINDIR%/temp/</directories>
    <directories check_all="yes">%WINDIR%/System32/AUTOEXEC.NT</directories>
    <directories check_all="yes">%WINDIR%/System32/at.exe</directories>
    <directories check_all="yes">%WINDIR%/System32/attrib.exe</directories>
    <directories check_all="yes">%WINDIR%/System32/cacls.exe</directories>
    <directories check_all="yes">%WINDIR%/System32/debug.exe</directories>
    <directories check_all="yes">%WINDIR%/System32/drwatson.exe</directories>
    <directories check_all="yes">%WINDIR%/System32/drwtsn32.exe</directories>
    <directories check_all="yes">%WINDIR%/System32/edlin.exe</directories>
    <directories check_all="yes">%WINDIR%/System32/eventcreate.exe</directories>
    <directories 
check_all="yes">%WINDIR%/System32/eventtriggers.exe</directories>
    <directories check_all="yes">%WINDIR%/System32/ftp.exe</directories>
    <directories check_all="yes">%WINDIR%/System32/net.exe</directories>
    <directories check_all="yes">%WINDIR%/System32/net1.exe</directories>

Reply via email to