Dear Mailing list There is query regarding the integrity monitoring of Ossec. This tool gives flawless information regarding the changes in the file
1) Is there any option to know who have changed the file ? (Apart from information regularly received) 2) Can we view the file change at or almost realtime ? May be if we monitoring only a few files. We have tried the same by monitoring only some critical files and running the syscheck demon after every 5 minutes but in this due course there was issues regarding regular logging like alerts are not triggered unless you restart the agent and even then it gets stalled with no errors in log on both sides. Is there some better way to implement the same. Thanks & Regards Gagan To unsubscribe from this group, send email to ossec-list+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.
