Also, to clarify, auto_ignore is set to 'no' - <auto_ignore>no</auto_ignore>

On Wednesday, January 18, 2017 at 3:27:57 PM UTC-5, Nikki S wrote:
>
> Hi,
>
> I have a couple of questions regarding FIM/System Integrity check. I'm
> hoping this would help others as well starting off with OSSEC.
>
> - When a new agent is installed, does it run the system integrity check
>   automatically? Or does the <scan_on_start> option need to be enabled?
> - I have kept the default for scan frequency (20 hours). How can I
>   verify if the Integrity scan actually did run?
> - I get "** No entries found" when the command - syscheck_control -i
>   agentID is executed
> - If I see the agent name under /var/ossec/queue/syscheck, can I
>   assume that an initial scan was run on the system?
> - Do I need to set up a time for the scan to happen? <scan_time>
> - Can I stagger the scan time for the agents? aka create groups by
>   agent name and scan them at different times?
>
> Thank you again for the guidance!