Greetings everyone: Is there a way to reset the syscheck database? My systems have a number of critical binaries, such as php, that get updated occasionally and ossec is now saying "integrity checksum changed (3rd time)". I don't want auto-ignore to start ignoring these files the next time they're updated, and I really don't want to turn off auto- ignore and write an ignore rule for every frequently changed file. So I was hoping there is a way to reset the integrity checking database?
Anybody have any enlightenment? --cryogen
