The first time the syscheck process runs it creates a baseline database. On
subsequent runs it should compare the new info to the older db. I do not know if
these checks are done after it has finished its run, or if it checks for
changes as it goes through the fs.
If you're using a realtime capabl
Hi,
You probably have to wait a little more until the changes are sent over. The
scan itself takes more than 20 minutes to start, so if you are making these
changes as soon as you start ossec, they will not be picked up.
If you want realtime detection, use the "realtime" option:
http://www.osse
I have done a server installation on RHEL5. There are no agents yet.
I am carrying out some basic testing and not seeing any file integrity
checking.
I have changed frequency to 90 seconds.
I have tried using both one of the standard directories (/usr/sbin)
and a custom one (/var/ossec-test).
The l