Thanks, we will check into that today and see what we find. It appears it
merely overwrites versus replacing, though.
All the best
Grant
On Friday, February 24, 2017 at 9:50:12 PM UTC-5, Victor Fernandez wrote:
Hi Grant,
How is that file overwritten? I mean, is it truncated and re-written, or is it
replaced by another?
OSSEC follows local files and never reads them again from the beginning;
there is no mechanism to detect that a previous file segment has been
changed. But OSSEC does detect that a file
How can we get the ossec agent to read a localfile that overwrites itself?
The CIS CAT benchmarks write a .txt file which we are reading with
"syslog" as the local file.
However, when the benchmark tests run, ossec does not appear to re-read the
log; it's as if it never gets read again.
As it
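
The behaviour described in Victor Fernandez's reply, modelled as an added example that is not part of the original thread and is not OSSEC's code: a generic offset-based follower polled after a report file is rewritten in three different ways. The class, the file name and the report lines are constructed, and the truncation and inode checks are assumptions of this model.

```python
import os
import tempfile

class OffsetFollower:
    """Generic tail-style follower: keeps a byte offset, never re-reads earlier bytes."""
    def __init__(self, path):
        st = os.stat(path)
        self.path, self.inode = path, st.st_ino
        self.offset = st.st_size          # start at the end of the existing content

    def poll(self):
        """Return (event, new_lines) observed since the previous poll."""
        st = os.stat(self.path)
        event = None
        if st.st_ino != self.inode:       # a different file now sits at this path
            event, self.inode, self.offset = "replaced", st.st_ino, 0
        elif st.st_size < self.offset:    # file shrank below our read position
            event, self.offset = "truncated", 0
        with open(self.path, "rb") as fh:
            fh.seek(self.offset)
            data = fh.read()
        self.offset += len(data)
        event = event or ("appended" if data else "unchanged")
        return event, data.decode(errors="replace").splitlines()

def demo():
    """Rewrite a constructed report three different ways and poll after each."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "benchmark-report.txt")   # hypothetical file name
        with open(path, "w") as f:
            f.write("run1: check A FAIL\nrun1: check B PASS\n")
        follower = OffsetFollower(path)
        # 1. Overwrite in place with same-length content: size and inode unchanged.
        with open(path, "r+") as f:
            f.write("run2: check A PASS\nrun2: check B FAIL\n")
        results["overwrite_in_place"] = follower.poll()
        # 2. Truncate and rewrite with shorter content: size drops below the offset.
        with open(path, "w") as f:
            f.write("run3: check A PASS\n")
        results["truncate_rewrite"] = follower.poll()
        # 3. Write a new file and rename it over the old one: the inode changes.
        with open(path + ".tmp", "w") as f:
            f.write("run4: check A FAIL\n")
        os.replace(path + ".tmp", path)
        results["replace_by_rename"] = follower.poll()
    return results

if __name__ == "__main__":
    print(demo())
```

In this model only the in-place, same-size overwrite produces no new lines; the truncated and the renamed report are both read again from the start.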