Hi Dan,

Yes, I am using the realtime="yes" option for both the folder as well as specific files.

Hi Michael,

I waited for 3 syscheck scans to complete before attempting to delete files. But still the problem persists!!

On Wednesday, August 6, 2014 3:46:29 PM UTC+5:30, Ameya Bhatkal wrote:
>
> Hi Everyone,
>
> I have set up OSSEC 2.8 Manager using Security Onion 12.04 LTS. The Ossec
> Client agents have been installed on 6 Windows machines.
>
> I receive alerts for file additions and modifications but not when the
> monitored files are deleted.
>
> I face the following issues:
>
> *Issue 1*
>
> The Ossec agent has been configured to monitor folders. If a file within
> the folder is deleted, then I do not receive any alert. Moreover, the client
> ossec log does not mention that the file is missing or deleted and there is
> no entry in the alert.log file present in the Ossec Manager.
>
> *Issue 2*
>
> The Ossec agent has been configured to monitor specific files. If a file
> has been deleted, the client ossec log has the following entry:
>
> "2014/08/06 15:31:58 ossec-agent: WARN: Error opening directory: 'C:\Delete check 2/Delete2.conf/': No such file or directory "
>
> But I do not receive any alert that a file has been deleted. The alert.log
> file present in the Ossec Server does not reflect any such event.
>
> Rule 553 is present in the ossec_rules.xml and has not been tampered with.
>
> Could you kindly help me out with the issue? Any help will be greatly
> appreciated!
>
> Thanks in advance...
