Hi,
I have been exploring ossec for use in a PCI environment. One of the requirements that we've been given is file-integrity checking for log files, which I'm not sure ossec can do; I'm assuming it does not put log files into the default integrity-checking options because they change size by definition. I did read about log file signing, but it appears that this would only work with old logs. I tested this by altering the current /var/log/secure log of a machine with the ossec agent, and it didn't seem to notice anything in particular amiss. Anyone know if there's any way to do this in ossec, or do I need to use a separate tool such as syslog-ng for this?
