There is no way to do this out of the box, but we plan to add this
option in the future.
As a hack, it is possible but depends on which change you made.
If you only modified a log file to be monitored, you can kill only the
ossec-logcollector process
and leave all others running (killall ossec-logcollector;
/var/ossec/bin/ossec-logcollector) and
to the same most syscheck/rootcheck (only kill ossec-syscheckd).
The only exception is ossec-analysisd, which if you kill it, the other
processes will not work
until you start it back.
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net