Comments on: Week of OSSEC Day 2: Detecting New Files http://www.immutablesecurity.com/index.php/2009/10/26/week-of-ossec-day-2-detecting-new-files/ Information Security, Privacy and Personal Liberty Sun, 29 Jan 2012 17:21:21 +0000 hourly 1 http://wordpress.org/?v= By: mstarks http://www.immutablesecurity.com/index.php/2009/10/26/week-of-ossec-day-2-detecting-new-files/comment-page-1/#comment-380 mstarks Wed, 10 Mar 2010 19:22:36 +0000 http://www.immutablesecurity.com/?p=229#comment-380 <blockquote cite="#commentbody-377"> <strong><a href="#comment-377" rel="nofollow">Devendra</a> :</strong> <p>Another question…will the new file alert gets generated only during next scheduled scan or can it be fired real time if “real time” option is set? It doesnt seems to be working in real time for me.</p> </blockquote> Hello Devendra, I could be wrong, but I believe you will get a new file alert in a currently monitored directory upon restarting OSSEC, or in a newly added directory after the next syscheck scan runs. Regards, Mike

Devendra :

Another question…will the new file alert gets generated only during next scheduled scan or can it be fired real time if “real time” option is set? It doesnt seems to be working in real time for me.

Hello Devendra,

I could be wrong, but I believe you will get a new file alert in a currently monitored directory upon restarting OSSEC, or in a newly added directory after the next syscheck scan runs.

Regards,
Mike

]]> By: Devendra http://www.immutablesecurity.com/index.php/2009/10/26/week-of-ossec-day-2-detecting-new-files/comment-page-1/#comment-377 Devendra Wed, 10 Mar 2010 09:01:46 +0000 http://www.immutablesecurity.com/?p=229#comment-377 Another question...will the new file alert gets generated only during next scheduled scan or can it be fired real time if "real time" option is set? It doesnt seems to be working in real time for me. Another question…will the new file alert gets generated only during next scheduled scan or can it be fired real time if “real time” option is set? It doesnt seems to be working in real time for me.

]]> By: Devendra http://www.immutablesecurity.com/index.php/2009/10/26/week-of-ossec-day-2-detecting-new-files/comment-page-1/#comment-376 Devendra Wed, 10 Mar 2010 08:32:13 +0000 http://www.immutablesecurity.com/?p=229#comment-376 Please ignore my question. I realized those xml's are only manager. Please ignore my question. I realized those xml’s are only manager.

]]> By: Devendra http://www.immutablesecurity.com/index.php/2009/10/26/week-of-ossec-day-2-detecting-new-files/comment-page-1/#comment-375 Devendra Wed, 10 Mar 2010 08:23:48 +0000 http://www.immutablesecurity.com/?p=229#comment-375 Are the changes in ossec_rules.xml & local_rules.xml required on the agent host or the manager host to alert on new files ? Thanks. Are the changes in ossec_rules.xml & local_rules.xml required on the agent host or the manager host to alert on new files ?

Thanks.

]]>