That's a bummer :-( Thank you for your reply.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp) Sent: Tuesday, July 13, 2010 17:18 To: [email protected] Subject: Re: [ossec-list] How to identify the User making the change - syscheck & real-time monitoring There isn't a way to currently do this. You could correlate the alerts with audit files if necessary. On Tue, Jul 13, 2010 at 9:47 AM, Dimitris Chontzopoulos <[email protected]> wrote: > Hello guys, > > I was wondering, is there a way to also include the Account that is > responsible for changing a file, thus, changing the hash of the > file? > > Is this possible via syscheck and real-time monitoring? > > > > Kind Regards, > > > > > Dimitris > >
