3.7 don;t have new files alerts

[xmysdsb]

I used ossec_server_3.7 and ossec_agent_windows_3.7. agent computer:windows 11. i
the question I meet:
It can't create new file alert. What I have learned is that use alert_new_files and overwrite the rule 554. I didi so. But nothing happend
as followed is my configuration:

300
<auto_ignore>no</auto_ignore>
<alert_new_files>yes</alert_new_files>
D:\downloads

2:
ossec
<decoded_as>syscheck_new_entry</decoded_as>
File added to the system.
syscheck,
how to solve it. ask for help!

[atomicturtle]

That frequency might be too low, Im assuming thats what your 300 is? That might not be finishing a scan before its stopped and restarted. Also you might want to check out the realtime option. Last tip, use / instead of \ since if you end a path with \ it will break the XML

[xmysdsb]

hello. I have already tried it and waited for some time. As far as I can see, it still It's still not generating new file alerts. I download new files in D:\downloads and observe the ossec.log. I saw ""WARN: Error opening directory: 'D:/downloads/statistical-review-of-world-energy-2023.pdf.crdownload': No such file or directory"" (this is my new file )

in another aspect, use " cat ./......../alerts.log | grep "downloads" or 554 in the server. just the news about "file was deleted"

[wolle604]

Can you provide your client syscheck configuration?