Just to add the error when set up the *scan_day* and *scan_time *to rootcheck config:
*ossec-config(1230): ERROR: Invalid element in the configuration: 'scan_day'ossec-config(1230): ERROR: Invalid element in the configuration: 'scan_time'* quarta-feira, 11 de Fevereiro de 2015 às 18:16:28 UTC, Ricardo Perre escreveu: > > Hi, > > I've tested and only frequency is supported by rootcheck. > > Are you planning to add time and day to rootcheck config? > > Thank you > > segunda-feira, 5 de Janeiro de 2015 às 15:08:37 UTC, dan (ddpbsd) escreveu: >> >> On Fri, Jan 2, 2015 at 1:49 PM, Glenn Ford <[email protected]> wrote: >> > According to the documentation only syscheck supports scan time/date. >> > Appaears rootcheck only supports frequency. >> > >> > However, You could cron job easily enough agent_control (in bin folder >> on >> > ossec server) and use the -u option to specify agentid but this also >> does a >> > syscheck. >> > >> > I am surprised rootcheck doesnt have the scan time/date support and you >> > could request this added if indeed documentation is accurate and not >> > supported. >> > >> >> If it's not already supported and undocumented, adding the support >> should be pretty easy. We can be fairly quick with pull requests. >> >> > I am not sure when frequency is, I'd presume at T0 from last >> completion. >> > >> > On Friday, January 2, 2015 1:33:56 PM UTC-5, David Costa wrote: >> >> >> >> Hi Glenn, >> >> >> >> >> >> >> >> Many thanks for you answer, it will help me to customize my >> configurations >> >> based on agent names and profiles. >> >> >> >> In this particular issue what I was looking for, was the ability to be >> >> sure that rootcheck never runs at same time for two specific machines. >> >> >> >> From your answer I see that I can set different frequencies based on >> agent >> >> name and profile, but If we could only configure frequency I don't see >> how >> >> we can be sure they never run at same time. >> >> >> >> Do you know when ossec start counting frequency? >> >> >> >> >> >> >> >> Thanks, >> >> >> >> David Costa >> >> >> >> >> >> >> >> >> >> >> >> De: [email protected] [mailto:[email protected]] Em >> nome >> >> de David Costa >> >> Enviada: sexta-feira, 2 de Janeiro de 2015 15:17 >> >> Para: [email protected] >> >> Assunto: [ossec-list] Tune scheduling of Rootcheck >> >> >> >> >> >> >> >> Hello, >> >> >> >> >> >> >> >> On OSSEC server, beside frequency it's possible configure other time >> >> parameters to schedule the Rootcheck? >> >> >> >> Our intention is to set different schedules for Rootcheck on different >> >> ossec-client machines. Mainly not run Rootcheck at same time on all >> >> ossec-clients. >> >> >> >> The issue that we face is huge load on physical machine that support >> many >> >> virtual machines, running ossec-client. This because all virtual >> machines >> >> runs Rootcheck at same time. >> >> >> >> >> >> >> >> Thanks, >> >> >> >> David Costa >> >> >> >> >> >> >> >> -- >> >> >> >> --- >> >> You received this message because you are subscribed to the Google >> Groups >> >> "ossec-list" group. >> >> To unsubscribe from this group and stop receiving emails from it, send >> an >> >> email to [email protected]. >> >> For more options, visit https://groups.google.com/d/optout. >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
