$ diff -u ossec-slack.sh ossec-slack.sh.old
--- ossec-slack.sh2018-04-24 18:51:45.0 -0700
+++ ossec-slack.sh.old2018-04-24 18:52:10.0 -0700
@@ -27,9 +27,6 @@
echo "`date` $0 $1 $2 $3 $4 $5 $6 $7 $8" >>
${PWD}/../logs/active-responses.log
ALERTFULL=`grep -A 10 "$ALERTTIME" ${PWD}/../logs/alerts/alerts.log | grep
-v ".$ALERTLAST: " -A 10 | grep -v "Src IP: " | grep -v "User: " |grep
"Rule: " -A 4 | cut -c -139 | sed 's/\"//g'`
-# add the agent ID
-ALERTFULL=`echo ${6}; echo ${ALERTFULL}`
-
PAYLOAD='{"channel": "'"$CHANNEL"'", "username": "'"$SLACKUSER"'", "text":
"'"${ALERTFULL}"'"}'
ls "`which curl`" > /dev/null 2>&1
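Review bot: The added line that rebuilds ALERTFULL from `echo ${6}; echo ${ALERTFULL}` expands both variables unquoted, so the shell word-splits and glob-expands the alert text, and the line breaks kept by the grep/cut pipeline above collapse into single spaces. Quote the expansions instead, for example ALERTFULL="$(printf '%s\n%s' "$6" "$ALERTFULL")". The value of ${6} is also prepended after the sed 's/\"//g' step, so it reaches the JSON in PAYLOAD without the quote stripping applied to the rest of the text; prepend it before that filter or pass it through the same one. Separately, the diff was generated with the modified file first (ossec-slack.sh against ossec-slack.sh.old), so the addition shows up as `-` lines; regenerate it with the old file first before turning it into a pull request.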
On Monday, September 11, 2017 at 10:10:16 AM UTC-7, dan (ddpbsd) wrote:
>
> On Mon, Sep 11, 2017 at 7:56 AM, Fredrik Hilmersson
> wrote:
> > Hello,
> >
> > I'm wondering if it would be possible to do a small update regarding the
> > ossec-slack integration to report from which host the integrity check
> > reports from.
> > Today an alert message looks like:
> >
> > Rule: 551 (level 7) -> 'Integrity checksum changed again (2nd time).'
> > Integrity checksum changed for: '/usr/bin/lxc'
> > Old md5sum was: 'checksum'
> > New md5sum is : 'checksum'
> > Old sha1sum was: 'checksum'
> >
> > however, it obviously doesn't state on which agent the checksum change
> > occurred. Hopefully you could add this to the ossec-slack integration.
> >
>
> I won't use ossec-slack.sh, so if you can come up with a diff and post
> a pull request, I'll merge it.
>
> > Kind regards,
> > Fredrik
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to ossec-list+...@googlegroups.com .
> > For more options, visit https://groups.google.com/d/optout.
>