Dan Parriott
Dan Parriott
`\S` should allow any non-whitespace characters.
I've run into this before. Can't remember how I solved it off hand.
Do you have the alert on new files setting enabled?
The agents log something when they're done with a syscheck run. Some of my syscheck logs look like this: ``` 2019/11/29 15:14:15 ossec-analysisd: SyscheckInit completed. 2019/11/29 15:14:24 ossec-syscheckd: INFO: Starting...
@nitrocode 1. There will be downtime when you restart the OSSEC processes on the OSSEC server. Unless, I guess, if you create a new OSSEC server and copy the agents...
@dangarthwaite I'll see if I have a 3.1 host or 2 left and try to write an upgrade guide.
Basically no one has done the work to move the binaries out of /var. It's not hard, it just takes effort that everyone thought would be better spent elsewhere. I'm...
Thanks. We haven't really updated the documentation past 3.2 yet. I'm hoping we can add an option to use a system installed pcre2 as well, but I haven't looked into...
@d4t4king Was there any output that might help track down the issue? What OS/distro are you trying this on? Were the PCRE2 packages installed? Are there dev/devel packages that need...
@d4t4king It looks like you're not using `PCRE2_SYSTEM=y` (and have the appropriate package installed), and you didn't download the pcre2 source. ``` wget https://ftp.pcre.org/pub/pcre/pcre2-10.32.tar.gz tar xzf pcre2-10.32.tar.gz -C src/external ```