Daniel,
Thank you for the response. Mostly I want to be able to set a specific
time and/or time/day that will coincide with system updates and also
have a regular scan schedule.
The syscheck default is every two hours.
21600
OSSEC is a pretty amazing tool. We have been reviewing commercia
Hi Reggie,
Yes, you can set the scan time on the client side, but you can only have
one per agent. I don't think it is very useful to scan more than once per
day, but we can add support for this in the future.
thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On Mon, Jan 26, 2009 at 12:01 PM, Reg
I have a few questions related to this thread.
1. I noticed that exists on the client side. Is it possible to set
the there?
2. Is it possible to set multiple s?
This is my 4th post to the list in the last few months. Hopefully this
one gets a response.
-Reggie
Daniel Cid wrote:
> Hi Er
Hi Eric,
I understand your pain in there :) What I have done in the past (which
worked for me) was to do the following:
1-Configured syscheck to run at a determined interval instead of a
frequency (in my case to run every day after 9pm):
21:00
no
2-After that, I created a sample local
Greetings:
Ditto... we do a lot of security patching for our customers who are
tied to our ossec server, and it is not uncommon to get several
hundred ossec alerts within minutes to as much as within 24 hours of
the update which makes it harder to follow real ossec reports that
matter.
Thank you
I am interested in this topic as well. In my case, I have a number of servers
that I have yum automatically installing the latest updates. Of course, this
triggers a flood of false positives. One idea I was thinking about was to
develop a yum plugin that would calculate new checksums as yum