Hi, If I get an alert that a file has changed using OSSEC, how can I view the before-and-after of the file?
For Example, something like: File changed - *%systemroot%\system32\drivers\etc\hosts* *Content Before:* 127.0.0.1 localhost *Content After:* 127.0.0.1 localhost *196.77.23.1 spam.testsite.com* Does OSSEC have this feature? Thanks! Logos
