Improvements in syscheck realtime monitoring #434

vikman90 · 2018-03-08T06:20:02Z

Related issue: #431

Upgrade checksum hash table for every reported file (not only the first time)
Internal option syscheck.rt_delay to tune the delay before attending an RT notification. The default configuration decreases the delay from 1 second to 10 milliseconds
Granularize syscheck RT process from 5 minutes to 1 second. This will make the frequency option more accurate.
Allow to speed up the startup time: formula changed from tsleep + 10 to tsleep * 5. The actual delay will remain for the default configuration, but this formula allows to null the time if syscheck.sleep is set to 0 in the internal options.

vikman90 added 3 commits March 7, 2018 21:32

Upgrade internal syscheck database whenever a checksum changes

2469729

Internal option to configure the syscheck realtime reporting delay

70c9536

Granularize syscheck real-time process time

efc0477

vikman90 assigned albertomn86 Mar 8, 2018

vikman90 requested a review from albertomn86 March 8, 2018 06:20

Update changelog

e7fc686

vikman90 added the type/enhancement New feature or request label Mar 8, 2018

mgmacias95 force-pushed the master branch from 3c8b089 to ca26a58 Compare March 8, 2018 16:24

albertomn86 merged commit 95000ca into master Mar 11, 2018

albertomn86 deleted the dev-syscheck-updatedb branch March 11, 2018 02:41

chemamartinez mentioned this pull request Jun 6, 2018

New internal option for Syscheck wazuh/wazuh-documentation#245

Closed

vikman90 added the module/fim File Integrity Monitoring label Jun 19, 2018

soynof mentioned this pull request Aug 7, 2023

Engine - KVDB - Prefix Search #18293

Merged

4 tasks

Provide feedback