Can this be because of my global email settings is as below?
yes
us...@foo.com
us...@foo.com
ap-smtp-ggrc.pool.gittigidiyor.net
oss...@warn.foo.com
1
I changed the email_maxperhour to 1000. Should i use do_not_dleya?
26 Ocak 2018 Cuma 15:28:15 UTC+3 tarihinde Oğuz Yarımtepe yazdı:
>
> Belay is my agent.conf
>
>
>
>
>
> 21600
>
> yes
> yes
> no
>
>
> report_changes="yes">/usr/local/etc
> report_changes="yes">/lib,/lib64,/usr/lib,/usr/lib64
> report_changes="yes">/usr/local/bin
> report_changes="yes">/usr/local/sbin
> report_changes="yes">/usr/local/lib
> report_changes="yes">/usr/local/lib64
> report_changes="yes">/home/cyblnxadm
> report_changes="yes">/etc,/usr/bin,/usr/sbin
> report_changes="yes">/bin,/sbin,/boot
>
>
> /etc/mtab
> /etc/hosts.deny
> /etc/mail/statistics
> /etc/random-seed
> /etc/random.seed
> /etc/adjtime
> /etc/httpd/logs
> /etc/utmpx
> /etc/wtmpx
> /etc/cups/certs
> /etc/dumpdates
> /etc/svc/volatile
> /var/ossec
>
>
>
> /etc/ssl/private.key
>
>
>
> no
> yes
> /var/ossec/etc/shared/system_audit_rcl.txt
> /var/ossec/etc/shared/system_audit_ssh.txt
>
> /var/ossec/etc/shared/cis_rhel5_linux_rcl.txt
>
> /var/ossec/etc/shared/cis_rhel6_linux_rcl.txt
>
> /var/ossec/etc/shared/cis_rhel7_linux_rcl.txt
> /var/ossec/etc/shared/rootkit_files.txt
>
> /var/ossec/etc/shared/rootkit_trojans.txt
>
>
>
> syslog
> /var/log/messages
>
>
>
> syslog
> /var/log/secure
>
>
>
> syslog
> /var/log/maillog
>
>
>
>
>
>
> when i change a file under /home/cyblnxadm, i get the email after 1 hour.
> Any idea about the delay? My real time monitoring is started and i can see
> that at the logs. But the messages are coming delayed.
> I am using Centos7 and and installed ossec agent using atomicrepo.
>
>
>
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
