All Questions
1
question
0
votes
2
answers
1k
views
ossec realtime file monitoring only reports on first change but fullow up changes are only reported by scheduled follow up scans
we currently have some ossec agents running on windows and real time monitoring for files activated - with the following configuration on the agent site:
<syscheck>
<!-- Frequency that ...
- 29