How to stop WAA Real-time Monitoring?

How to stop WAA Real-time Monitoring?

Question:

How to stop WAA Real-time Monitoring?

 

Customer Environment:

1) OS for WebALARM Agent (WAA): Linux

2) WebALARM (WA) version: v4.3.X

 

Answer:

Refer to the manual workaround below:

Boot options to set the /usr/local/wa4/wa --port=8079 --syslog=ERROR --disable-realtime --force-uploadscan 

 

A. For Redhat 6 you may use the following procedure:

      1. Stop WA: type /sbin/initctl stop wa

      2. add the "--disable-realtime" into the wa configuration file

          e.g.: exec /usr/local/wa4/wa --port=9999 --syslog=ERROR --disable-realtime

      3. Start WA: type /sbin/initctl start wa 

 

B. For Redhat 5/4 you may use the following command:

      1. add the "--disable-realtime" into the wa configuration file

          e.g.: exec /usr/local/wa4/wa --port=9999 --syslog=ERROR --disable-realtime

      2. restart WA: type telinit q


More information:

1. The --force-uploadscan is not needed to stop real-time monitoring. This would only be used when upload changes not being detected and a full scan is required after each upload.

2. Referencewebalarm_usermanual_4.3_EN.pdf P40 

    • Related Articles

    • Linux kernel upgrade for real-time monitoring to work

      Question: Is there a need to reinstall WebALARM after a Linux kernel upgrade for real-time monitoring to work? Answer: No. There is no need to reinstall WebALARM agent for Linux after a kernel upgrade. More Information: This feature is available for ...

    • What is the minimum kernel version requirement for WebALARM Linux real-time monitoring?

      Question: What is the minimum kernel version requirement for WebALARM Linux real-time monitoring?   Answer: For real-time monitoring in Linux, the minimum supported kernel version is 2.6.15. Any CentOS/RHEL version 5 or above would meet the ...

    • Tips for linux real time detection setting

      Question: We have plan to let WAA monitor tons of files. Any tips for linux real time detection setting? Answer: Can you refer and set following options. 1. max_queued_events - Settings recommendation: 3x max_user_watches +20% buffer e.g. 90,000 is ...

    • [ScanMyPage] Monitoring Result-Error Status on HTML and Visual

      Details: ScanMyPage showing 'Error' status for both HTML and Visual result. Explanation: ​Error means ScanMyPage cannot reach the web page as it might due to the web site was down /AWS down/firewall issue/network error/certificate expired. This may ...

    • WAA - Tampered file related FAQ

      Customer Environment: OS for WebALARM Agent (WAA): Linux   Question(s) & Answer(s):   Q1: What is the directory for tampered file in WA(Linux)? A: "/usr/local/wa4/wa.err/" Q2: Does the tampered file format would be changed once it is copied into the ...