3.7 don't have new files alerts #2117
Comments
That frequency might be too low, I'm assuming that's what your 300 is? That might not be finishing a scan before it's stopped and restarted. Also you might want to check out the realtime option. Last tip, use / instead of \ since if you end a path with \ it will break the XML.
Hello. I have already tried it and waited for some time. As far as I can see, it's still not generating new file alerts. I download new files in D:\downloads and observe the ossec.log. I saw "WARN: Error opening directory: 'D:/downloads/statistical-review-of-world-energy-2023.pdf.crdownload': No such file or directory" (this is my new file). On the other hand, using `cat ./......../alerts.log | grep "downloads"` or 554 on the server, there is just the news about "file was deleted".
I used ossec_server_3.7 and ossec_agent_windows_3.7. Agent computer: Windows 11.
The question I meet:
It can't create new file alerts. What I have learned is to use alert_new_files and overwrite rule 554. I did so, but nothing happened.
My configuration is as follows:
300
<auto_ignore>no</auto_ignore>
<alert_new_files>yes</alert_new_files>
D:\downloads
2:
ossec
<decoded_as>syscheck_new_entry</decoded_as>
File added to the system.
syscheck,
How to solve it? Asking for help!
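For readers following this thread, the settings discussed above laid out as a complete configuration. This is an added example, not the reporter's actual files or the project's own code; the `frequency` value, the rule `level`, the `check_all` attribute and the split across files are assumptions made for illustration.

```xml
<!-- Agent side: ossec.conf on the Windows agent -->
<ossec_config>
  <syscheck>
    <!-- Seconds between full scans. 3600 is an assumed value: pick one that
         lets a full scan of the monitored tree finish before the next starts. -->
    <frequency>3600</frequency>
    <!-- Forward slashes and no trailing separator, as suggested in the comment.
         realtime="yes" can be added here, but OSSEC's syscheck documentation
         notes that new files are only detected on a full scan. -->
    <directories check_all="yes">D:/downloads</directories>
  </syscheck>
</ossec_config>

<!-- Server side: ossec.conf on the manager -->
<ossec_config>
  <syscheck>
    <auto_ignore>no</auto_ignore>
    <alert_new_files>yes</alert_new_files>
  </syscheck>
</ossec_config>

<!-- Server side: rules/local_rules.xml -->
<group name="local,syscheck,">
  <!-- Stock rule 554 ships at level 0, so it never produces an alert.
       Level 7 is an assumed value; any level at or above the manager's
       log alert threshold will be written to alerts.log. -->
  <rule id="554" level="7" overwrite="yes">
    <category>ossec</category>
    <decoded_as>syscheck_new_entry</decoded_as>
    <description>File added to the system.</description>
    <group>syscheck,</group>
  </rule>
</group>
```

Restart the manager and the agent after changing these files. The first full scan only builds the baseline, so new-file alerts can appear only from a later scan onward.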