Nagios..., we happen to use Icinga, I'll look at that approach. Thanks (again).
On Monday, August 21, 2017 at 5:42:30 PM UTC-5, dan (ddpbsd) wrote:
>
> On Aug 21, 2017 4:58 PM, "Leroy Tennison" <leroy.t...@gmail.com> wrote:
>
> I'm hoping to implement a constraint where, if disk space used (on a
> specific tree such as /home) changes by more than a certain percent then it
> will trigger an alert. I have a controlled environment (PCI) where delta
> disk space usage changes should be pretty predictable, my goal is to
> hopefully spot malware installation or other tampering by an abnormal
> change in disk space utilization.
>
> I realize that this approach is anything but perfect, however, I am hoping
> it will augment monitoring for areas of the disk where strict checking is
> not feasible. If there are alternative ways to accomplish this goal I'm
> open to any suggestions. I looked at agentless monitoring but it appears
> that the requirement is "exact match" or alert. I understand that I could
> write a script which returned the same output if my criteria was met but
> that would mean storing history locally which would itself be subject to
> attack. I'm also not sure if agent and agentless configuration can be
> combined.
>
>
> You might be able to do some active response trickery, but I think
> something like nagios or collectd might be better suited for this.

--
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
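
The percent-change check asked about in this thread, written as an Icinga/Nagios-style plugin; this is an added example, not code from any poster or from OSSEC. The function names, the baseline file and the thresholds are assumptions, and the baseline is kept on the monitored host, which is the tampering exposure raised in the question.

```shell
#!/bin/sh
# Added example: Icinga/Nagios-style plugin that alerts on an abnormal change
# in the disk usage of one tree. Names, paths and thresholds are assumptions.

# delta_pct PREV CUR -> absolute change as an integer percent of PREV
delta_pct() {
    if [ "$1" -eq 0 ]; then
        # An empty baseline has no ratio; treat any growth as 100%
        if [ "$2" -eq 0 ]; then echo 0; else echo 100; fi
        return 0
    fi
    d=$(( $2 - $1 ))
    if [ "$d" -lt 0 ]; then d=$(( 0 - d )); fi
    echo $(( d * 100 / $1 ))
}

# classify PCT WARN CRIT -> plugin status: 0 OK, 1 WARNING, 2 CRITICAL
classify() {
    if [ "$1" -ge "$3" ]; then echo 2
    elif [ "$1" -ge "$2" ]; then echo 1
    else echo 0
    fi
}

# check_tree DIR BASELINE_FILE WARN_PCT CRIT_PCT
check_tree() {
    cur=$(du -sk "$1" 2>/dev/null | awk '{print $1}')
    case $cur in ''|*[!0-9]*) echo "UNKNOWN - cannot measure $1"; return 3 ;; esac
    prev=$(cat "$2" 2>/dev/null || true)
    echo "$cur" > "$2"            # current reading becomes the next baseline
    case $prev in ''|*[!0-9]*)
        echo "UNKNOWN - no usable baseline for $1, recorded ${cur}KB"; return 3 ;;
    esac
    pct=$(delta_pct "$prev" "$cur")
    rc=$(classify "$pct" "$3" "$4")
    case $rc in 0) s=OK ;; 1) s=WARNING ;; *) s=CRITICAL ;; esac
    # Text before "|" is the status line, after it is performance data
    echo "$s - $1 changed ${pct}% (${prev}KB -> ${cur}KB)|delta_pct=${pct}%"
    return "$rc"
}

# Run as a plugin only when called with all four arguments
if [ $# -eq 4 ]; then
    check_tree "$@"
    exit $?
fi
```

The plugin output, including the `delta_pct` performance data, is returned to the monitoring server on every run, so a record of readings exists off the host even though the baseline file is local.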