On Wed, Apr 22, 2015 at 12:31 AM, 'RAM190E' via ossec-list <ossec-list@googlegroups.com> wrote: > Hello, > > Please help explain why ssh_integrity_check_linux runs and ssh_generic_diff > runs almost every 8-9 hrs or so. Even if the frequency is set to 180 and > 300 in ossec.conf? >
The syscheck frequency should not affect the agentless frequency: http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.agentless.html#element-frequency > Thank you in advance!! > > Regards, > Ram > > OSSEC.CONF: > > <ossec_config> > <syscheck> > <frequency>300</frequency> > </syscheck> > > <agentless> > <type>ssh_integrity_check_linux</type> > <frequency>180</frequency> > <host>ossec@1.2.3.4</host> > <state>periodic</state> > <arguments>/bin /etc /sbin</arguments> > </agentless> > > <agentless> > <type>ssh_generic_diff</type> > <frequency>300</frequency> > <host>ossec@1.2.3.4</host> > <state>periodic_diff</state> > <arguments>ls -la /etc; cat /etc/passwd</arguments> > </agentless> > > </ossec_config> > > > > ** OSSEC.LOG contains: > > 2015/04/20 21:36:43 ossec-agentlessd: INFO: ssh_integrity_check_linux: > ossec@1.2.3.4: Started. > 2015/04/20 21:36:43 ossec-agentlessd: INFO: ssh_integrity_check_linux: > ossec@1.2.3.4: Starting. > 2015/04/20 21:37:03 ossec-agentlessd: INFO: ssh_integrity_check_linux: > ossec@1.2.3.4: Finished. > 2015/04/20 21:38:14 ossec-agentlessd: INFO: ssh_generic_diff: ossec@1.2.3.4: > Started. > 2015/04/20 21:38:14 ossec-agentlessd: INFO: ssh_generic_diff: ossec@1.2.3.4: > Starting. > 2015/04/20 21:38:14 ossec-agentlessd: INFO: ssh_generic_diff: ossec@1.2.3.4: > Finished. > 2015/04/21 06:00:48 ossec-agentlessd: INFO: ssh_integrity_check_linux: > ossec@1.2.3.4: Started. > 2015/04/21 06:00:48 ossec-agentlessd: INFO: ssh_integrity_check_linux: > ossec@1.2.3.4: Starting. > 2015/04/21 06:01:06 ossec-agentlessd: INFO: ssh_integrity_check_linux: > ossec@1.2.3.4: Finished. > 2015/04/21 06:02:18 ossec-agentlessd: INFO: ssh_generic_diff: ossec@1.2.3.4: > Started. > 2015/04/21 06:02:18 ossec-agentlessd: INFO: ssh_generic_diff: ossec@1.2.3.4: > Starting. > 2015/04/21 06:02:18 ossec-agentlessd: INFO: ssh_generic_diff: ossec@1.2.3.4: > Finished. > 2015/04/21 14:23:29 ossec-agentlessd: INFO: ssh_integrity_check_linux: > ossec@1.2.3.4: Started. > 2015/04/21 14:23:29 ossec-agentlessd: INFO: ssh_integrity_check_linux: > ossec@1.2.3.4: Starting. > 2015/04/21 14:23:45 ossec-agentlessd: INFO: ssh_integrity_check_linux: > ossec@1.2.3.4: Finished. > 2015/04/21 14:24:57 ossec-agentlessd: INFO: ssh_generic_diff: ossec@1.2.3.4: > Started. > 2015/04/21 14:24:57 ossec-agentlessd: INFO: ssh_generic_diff: ossec@1.2.3.4: > Starting. > 2015/04/21 14:24:57 ossec-agentlessd: INFO: ssh_generic_diff: ossec@1.2.3.4: > Finished. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
