Hello group,
I have a UNIX systems administrator reporting that OSSEC is trying to
automount to /home/httpd on a certain system (Solaris) every 22 hours.
Within the ossec.conf syscheck remains at the default of every 22 hours.
The only directories being monitored by syscheck are the default

Is there a log file that displays what authenticated user or the date
and time a new agent was added? I need to track a newly added agent to
the user that added - can't seem to figure out how..
Regards,

Hi group - OSSEC is used in our environment mainly for File Integrity
Monitoring. We've installed OSSEC locally on each server and the logs
are sent to a centralized logging solution.
Is there a way that OSSEC can alert when a file is moved or copied
in/from a particular directory? Currently we

Hi Group - I'd like to increase the max agents allowed on an already
built and active ossec server. All the documentation I've read states
to do this before you install or update ossec. Is there a way to do
this on an operating box? I really don't want to break this box as it
appears to be

I'm wondering if anyone has had this behavior - I'm only seeing this
on Linux systems. In the ossec.conf file instead of having an IP in
the syslog_output section I have LOGHOST and then I've added LOGHOST
to the /etc/hosts file. It appears that the syslog_output is not
being sent to the central

I'm not sure I've ever noticed this but how does ossec alert or notify
if an entire directory has been deleted or does it? If I'm monitoring
/etc/test/drivers for example and someone deletes the entire /drivers
directory will there be a notification similar to file changes?
Thanks!

I want to use OSSEC for File Integrity only... I do not want to see any
syslog messages from var/adm/messages etc... is the best way to not
see these just to comment out the entry in the OSSEC.conf file? I do
not want to have to change any lines in the syslog.conf files...
Thanks!