Issues with File Integrity Monitoring (Syscheck) #2088
Comments
|
Thats probably too low, my guess is what is happening is that the scan cant complete before it gets started again. You can see when syscheck finishes its scan in ossec.log. Also have you tried out the realtime setting? |
|
Ah, thank you. I have another question regarding the log analysis, does OSSEC only analyse logs from syslog? Or does it analyse from other log files as well? |
|
Oh yeah a ton of other formats, like the eventchannel on windows, or journald on linux. |
|
Closing this out as solved, but re-open this if it didnt cover your issue |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, I was trying to configure syscheck to occur every 60seconds instead of the default 22hours. However, after I changed it, as a proof of concept, i decided to add in a comment in the ossec.conf file. To my understanding, in 60seconds ossec should be able to pick up that the ossec.conf file has been modified and flag an alert but none was flagged in my case. Why could that be the case?
The text was updated successfully, but these errors were encountered: