Hi all,

I'm using ossec in a huge controlled environment with planned (and well tested) software upgrades. Every time such an update is done, ossec notifies all these (known) changes, sure. I'm wondering if there is any possibility to avoid this. Has anyone of you guys experience with that?

Maybe we could simply update the entries in <ossec-dir>/queue/syscheck/syscheck to the "updated" values - before the next syscheck starts? Or is this file specially protected in any way? Is there a description of all the fields in this file? Or is there maybe a much easier way to do this?

Thanks a lot! Wish you a nice day,
Matthias
