Hi, I was trying to configure syscheck to occur every 60 seconds instead of the default 22 hours. However, after I changed it, as a proof of concept, I decided to add in a comment in the ossec.conf file. To my understanding, in 60 seconds OSSEC should be able to pick up that the ossec.conf file has been modified and flag an alert, but none was flagged in my case. Why could that be the case?
That's probably too low; my guess is that what is happening is that the scan can't complete before it gets started again. You can see when syscheck finishes its scan in ossec.log. Also, have you tried out the realtime setting?
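One way to check the suggestion in the reply above, as an added example that is not part of the original thread: it pairs the syscheck start and end messages in ossec.log and reports scans that ran longer than the configured frequency. The log line format, the sample lines (constructed) and the function names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines; the ossec.log format shown here is an assumption.
SAMPLE_LOG = """\
2024/01/10 10:00:00 ossec-syscheckd: INFO: Starting syscheck scan.
2024/01/10 10:04:30 ossec-syscheckd: INFO: Ending syscheck scan.
2024/01/10 10:05:30 ossec-syscheckd: INFO: Starting syscheck scan.
2024/01/10 10:06:00 ossec-logcollector: INFO: unrelated line
"""

# Timestamp, daemon name (optionally followed by a PID), then the scan marker.
LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) ossec-syscheckd[^:]*: "
    r"INFO: (Starting|Ending) syscheck scan"
)


def scan_durations(log_text):
    """Return (durations_in_seconds, scan_still_running) for the given log text."""
    durations = []
    started = None
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        stamp = datetime.strptime(match.group(1), "%Y/%m/%d %H:%M:%S")
        if match.group(2) == "Starting":
            started = stamp
        elif started is not None:
            durations.append(int((stamp - started).total_seconds()))
            started = None
    # A start with no matching end means the last scan has not finished yet.
    return durations, started is not None


def scans_exceeding(log_text, frequency_seconds):
    """Return the durations of completed scans longer than the syscheck frequency."""
    durations, _ = scan_durations(log_text)
    return [d for d in durations if d > frequency_seconds]


if __name__ == "__main__":
    durations, running = scan_durations(SAMPLE_LOG)
    print("completed scan durations (s):", durations, "scan in progress:", running)
    print("longer than a 60 s frequency:", scans_exceeding(SAMPLE_LOG, 60))
```
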
Ah, thank you. I have another question regarding the log analysis: does OSSEC only analyse logs from syslog? Or does it analyse from other log files as well?