Thanks Dan - I wish there was realtime monitoring of files. On the
boxes I want this on, I have syscheck kicking off once every night. I
guess that's enough though. Hopefully
On Jul 14, 12:34 pm, "dan (ddp)" wrote:
> I set up an active response to restart my agents when syscheck noticed
> /var/oss

Have a mixed environment with 2000 nodes - HP, AIX, Linux, Windows,
Solaris.
The only common denominator (not for Windows) was using Puppet. It
also makes managing groups of servers and configs so much easier. I
have specific recipes for different types of servers, regardless of
the OS. For example

Thanks Dan and Kat.
Unfortunately, I've found that a number of our Linux boxes don't have
Inotify support. This was observed when I got the ossec-syscheckd
"WARN" error about realtime monitoring being ignored (at least, I'm
assuming that means Inotify is not supported or present).
We're still runn

Linux has had inotify/realtime support for a while. Ancient distros
don't, but anything decently recent should.
Windows also supports realtime.
On Thu, Jul 14, 2011 at 5:19 PM, jplee3 wrote:
> Thanks Dan - I wish there was realtime monitoring of files. On the
> boxes I want this on, I have sysche