Hi!
You are right bummer :-(
I'm looking for exactly the same thing and just for fun a diff from original
to new.
I will keep looking If ever I find something I will let you know
Dan
-----Message d'origine-----
De : [email protected] [mailto:[email protected]] De la
part de Dimitris Chontzopoulos
Envoyé : 13 juil. 2010 10:52
À : [email protected]
Objet : RE: [ossec-list] How to identify the User making the change - syscheck
& real-time monitoring
That's a bummer :-(
Thank you for your reply.
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of dan (ddp)
Sent: Tuesday, July 13, 2010 17:18
To: [email protected]
Subject: Re: [ossec-list] How to identify the User making the change - syscheck
& real-time monitoring
There isn't a way to currently do this. You could correlate the alerts
with audit files if necessary.
On Tue, Jul 13, 2010 at 9:47 AM, Dimitris Chontzopoulos
<[email protected]> wrote:
> Hello guys,
>
> I was wondering, is there a way to also include the Account that is
> responsible for changing a file, thus, changing the hash of
the
> file?
>
> Is this possible via syscheck and real-time monitoring?
>
>
>
> Kind Regards,
>
>
>
>
> Dimitris
>
>
Avis de confidentialité : Ce courriel et les pièces qui y sont jointes
contiennent de l'information confidentielle et peuvent être protégés par le
secret professionnel ou constituer de l’information privilégiée. Ils sont
destinés à l'usage exclusif de la (des) personne(s) à qui ils sont adressés. Si
vous n'êtes pas le destinataire visé ou la personne chargée de transmettre ce
document à son destinataire, vous êtes avisé par la présente que toute
divulgation, reproduction, copie, distribution ou autre utilisation de cette
information est strictement interdite. Si vous avez reçu ce courriel par
erreur, veuillez en aviser immédiatement l’expéditeur par téléphone ainsi que
détruire et effacer l'information que vous avez reçue de tout disque dur ou
autre média sur lequel elle peut être enregistrée et ne pas en conserver de
copie. Merci de votre collaboration.
Notice of Confidentiality: This electronic mail message, including any
attachments, is confidential and may be privileged and protected by
professional secrecy. They are intended for the exclusive use of the addressee.
If you are not the intended addressee or the person responsible for delivering
this document to the intended addressee, you are hereby advised that any
disclosure, reproduction, copy, distribution or other use of this information
is strictly forbidden. If you have received this document by mistake, please
immediately inform the sender by telephone, destroy and delete the information
received from any hard disk or any media on which it may have been registered
and do not keep any copy. Thank you for your cooperation.
