Nope, not at the moment.
On Fri, Feb 24, 2012 at 9:24 AM, Weezel <mcwee...@gmail.com> wrote: > I have a log collection/correlation engine running on a centralized > rsyslog server. I have configured ossec to log to a local rsyslog > forwarder in the <syslog_output> stanza of the server's ossec.conf and > am seeing rule alerts that fire from the ossec server end up in > syslog: > > Alert Level: 7; Rule: 550 - Integrity checksum changed.; Location: > XXXX->syscheck; Integrity checksum changed for: '/usr/sbin/automount' > > I have not been seeing any of the change details that appear in email > alerts, however. Is there an option to enable checksum or file diff > logging to syslog? I'm thinking about something like this: > > Alert Level: 7; Rule: 550 - Integrity checksum changed.; Location: > XXXX->syscheck; Integrity checksum changed for: '/usr/sbin/ > automount'; oldsize: '12345'; newsize: '12346'; oldmd5: 'md5checksum'; > newmd5: 'md5checksum'; oldsha1: 'sha1checksum'; newsha1: > 'sha1checksum' > > Thanks in advance! > > Weezel
