Hi, you can find information about the precedence of* agent.conf *and *ossec.conf* here: https://documentation.wazuh.com/current/user-manual/reference/centralized-configuration.html#precedence
The *alert_new_files *setting is only valid for manager. keep in mind that the first time that syscheck is executed (Monday - 08.00), it will create the database, so you will see alerts about changes the next time that syscheck runs (Tuesday - 08.00). I hope it helps. On Saturday, June 17, 2017 at 4:44:31 PM UTC+2, Kazim Koybasi wrote: > > I want to manually trigger Wazuh OSSEC syscheck like AIDE. I configure it > to check manually every day at 08:00 with below shared/agent.conf but even > whan I start syscheck with agent_control -r -a .It does not report changes > to alets.log. Do manager ossec.conf affect agents or every agent configured > with own ossec.conf and shared/agent.conf? My shared/agent.conf and manager > ossec.conf is like below and same config also applies in manager > ossec.conf. Thanks for reading. > > <agent_config> > <active-response> > <disabled>yes</disabled> > </active-response> > <syscheck> > > <scan_day>Monday,Tuesday,Wednesday,Thursday,Friday,Saturday,Sunday</scan_day> > <scan_time>08:00</scan_time> > <scan_on_start>no</scan_on_start> > <alert_new_files>yes</alert_new_files> > <frequency>604800</frequency> > </syscheck> > </agent_config> > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
