On Fri, Jan 2, 2015 at 1:49 PM, Glenn Ford <[email protected]> wrote: > According to the documentation only syscheck supports scan time/date. > Appaears rootcheck only supports frequency. > > However, You could cron job easily enough agent_control (in bin folder on > ossec server) and use the -u option to specify agentid but this also does a > syscheck. > > I am surprised rootcheck doesnt have the scan time/date support and you > could request this added if indeed documentation is accurate and not > supported. >
If it's not already supported and undocumented, adding the support should be pretty easy. We can be fairly quick with pull requests. > I am not sure when frequency is, I'd presume at T0 from last completion. > > On Friday, January 2, 2015 1:33:56 PM UTC-5, David Costa wrote: >> >> Hi Glenn, >> >> >> >> Many thanks for you answer, it will help me to customize my configurations >> based on agent names and profiles. >> >> In this particular issue what I was looking for, was the ability to be >> sure that rootcheck never runs at same time for two specific machines. >> >> From your answer I see that I can set different frequencies based on agent >> name and profile, but If we could only configure frequency I don't see how >> we can be sure they never run at same time. >> >> Do you know when ossec start counting frequency? >> >> >> >> Thanks, >> >> David Costa >> >> >> >> >> >> De: [email protected] [mailto:[email protected]] Em nome >> de David Costa >> Enviada: sexta-feira, 2 de Janeiro de 2015 15:17 >> Para: [email protected] >> Assunto: [ossec-list] Tune scheduling of Rootcheck >> >> >> >> Hello, >> >> >> >> On OSSEC server, beside frequency it's possible configure other time >> parameters to schedule the Rootcheck? >> >> Our intention is to set different schedules for Rootcheck on different >> ossec-client machines. Mainly not run Rootcheck at same time on all >> ossec-clients. >> >> The issue that we face is huge load on physical machine that support many >> virtual machines, running ossec-client. This because all virtual machines >> runs Rootcheck at same time. >> >> >> >> Thanks, >> >> David Costa >> >> >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
