Hi,
I have a couple of questions regarding FIM/System Integrity check. I'm
hoping this would help others as well starting off with OSSEC.
- When a new agent is installed does it run the system integrity check
automatically? or does the <scan_on_start> option needs to be enabled?
- I have kept the default for scan frequency (20 hours). How can I
verify if the Integrity scan actually did run?
- I get "** No entries found" when the command - syscheck_control -i
agentID is executed
- If I see the agent name under /var/ossec/queue/syscheck can I
assume that an initial scan was run on the system?
- Do I need to setup a time for the scan to happen? <scan_time>
- Can I stagger the scan time for the agents? aka create groups by agent
name and scan them at different times?
Thank you again for the guidance!
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
