I have been exploring ossec for use in a PCI environment. One of the
requirements that we've been given is file-integrity checking for log
files, which I'm not sure ossec can do; I'm assuming it does not put log
files into the default integrity-checking options because they change
size by definition. I did read about log file signing, but it appears
that this would only work with old logs. I tested this by altering the
current /var/log/secure log of a machine with the ossec agent, and it
didn't seem to notice anything in particular amiss. Anyone know if
there's any way to do this in ossec, or do I need to use a separate tool
such as syslog-ng for this?
