Hi, You probably have to wait a little more until the changes are send over. The scan itself takes more than 20 minutes to start, so if you are making these changes as soon as you start ossec, they will not be picked up.
If you want realtime detection, use the "realtime" option: http://www.ossec.net/main/manual/manual-syscheck/realtime-file-integrity-monitoring/ Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On Mon, Jul 12, 2010 at 7:32 AM, ItsMikeE <goo...@ernstoff.net> wrote: > I have done a server installation on RHEL5. There are no agents yet. > > I am carrying out some basic testing and not seeing any file integrity > checking. > I have changed frequency to 90 seconds > I have tried using both one of the standard directories (/usr/sbin) > and a custom one (/var/ossec-test). > The log file tells me that the directory is being checked, but I am > not seeing any changes detected. I have tried adding new files, > deleting files and amending files. > > I have seen a few CIS alerts and details of some logins and sudos, so > the various ossec processes are running. > > Any ideas?
