Hi Chris,
It's really curious that Syscheck creates the diff file but doesn't send
it. There should be no difference between configuring it in real-time or
not.
I see that the diff file matches the actual change by the size difference.
However, did you see any error at the
All,
I have hundreds of machines that are (supposed to be) all configured
exactly the same way via kickstarts and periodic Puppet runs. I've noticed
that sometimes a Puppet push will modify a file across all of our machines,
and the resulting syscheck notifications are a mixed bag - some have
