2012/9/19 dan (ddp) <ddp...@gmail.com>:
> On Wed, Sep 19, 2012 at 6:59 AM, Andreas Lang <pfsec...@googlemail.com> wrote:
>> Hello,
>>
>> We have some questions regarding analysing log files with OSSEC referring to
>> the log file requirements in PCI-DSS 10.5.5.
>>
>> PCI DSS 10.5.5.:
>> Use file-integrity monitoring or change-detection software on logs to ensure
>> that existing log data cannot be changed without generating alerts (although
>> new data being added should not cause an alert).
>>
>> To cover this issue we wanted to enable real-time monitoring on our log file
>> directories. Unfortunately we are getting this error:
>> Ignoring flag for real time monitoring on directory: '/data/'
>>
>> Our servers are based on Ubuntu 10.04, 11.04 and 11.10, all x64 systems. We
>> are using OSSEC 2.5 for clients and server. I know that for real-time
>> monitoring the tool inotify-tools must be installed, but unfortunately this
>> didn't resolve the issue.
>> Do you have any suggestions how we can make the real-time monitoring of
>> growing log files work correctly?
>>
>> Thank you very much in advance
>>
>> Regards.
>>
>> Andreas Lang
>>
>
> Are you sure the inotify stuff was enabled in the build? It sounds
> like the support didn't get compiled in.
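The PCI DSS 10.5.5 property quoted above (appends to a log are fine, any edit to bytes already logged must alert) can be checked independently of how the change is noticed. The following is an added illustration written for this thread, not OSSEC code and not from any poster: it keeps, per log file, the number of bytes already seen and a running SHA-256 over exactly those bytes, so a later check only has to re-hash the old prefix and fold any new tail into the running hash. The function names, the in-memory `state` dict and the temporary file used by `demo()` are all constructed for the example.

```python
import hashlib
import os
import tempfile

# state: path -> [bytes_seen, hashlib.sha256 object covering those bytes]
# (hypothetical in-memory store; a real monitor would persist this)
CHUNK = 1 << 16


def snapshot(path, state):
    """Record the current size of `path` and a running hash of its contents."""
    h = hashlib.sha256()
    size = 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
            size += len(chunk)
    state[path] = [size, h]


def check(path, state):
    """Classify the current file against the recorded state.

    Returns "ok" when the file is unchanged or has only grown (state is
    advanced to cover the new tail), "modified" when any previously seen
    byte differs, "truncated" when the file shrank, "missing" when gone.
    """
    if not os.path.exists(path):
        return "missing"
    seen, running = state[path]

    # Re-hash exactly the prefix that was already recorded.
    prefix_hash = hashlib.sha256()
    remaining = seen
    with open(path, "rb") as f:
        while remaining > 0:
            chunk = f.read(min(CHUNK, remaining))
            if not chunk:
                return "truncated"      # file is shorter than what we recorded
            prefix_hash.update(chunk)
            remaining -= len(chunk)
        if prefix_hash.digest() != running.digest():
            return "modified"           # old log data was altered in place

        # Anything past the old size is new data: fold it into the running hash.
        new_bytes = 0
        for chunk in iter(lambda: f.read(CHUNK), b""):
            running.update(chunk)
            new_bytes += len(chunk)
    state[path][0] = seen + new_bytes
    return "ok"


def demo():
    """Constructed scenario: append (ok), in-place edit (modified), shrink (truncated)."""
    state = {}
    results = []
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "app.log")          # constructed sample log
        with open(log, "wb") as f:
            f.write(b"2012-09-19 login ok user=alice\n")
        snapshot(log, state)

        with open(log, "ab") as f:                # normal growth: no alert
            f.write(b"2012-09-19 login ok user=bob\n")
        results.append(check(log, state))

        with open(log, "r+b") as f:               # tamper with an existing byte
            f.seek(0)
            f.write(b"X")
        results.append(check(log, state))

        with open(log, "r+b") as f:               # shrink the file
            f.truncate(10)
        results.append(check(log, state))
    return results


if __name__ == "__main__":
    print(demo())
```

This is the comparison step only: it decides whether a change is an append or a tampering event. What triggers the check (a periodic scan, or an inotify event as discussed in the thread) is a separate concern, and the recorded size and hash would need to be stored somewhere an attacker who can edit the log cannot also edit.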
does ossec support log analysis in realtime? or only directory checksumming realtime?

-- Eero