-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jul 20, 2010, at 1:49 PM, Houcem HACHICHA wrote: > Hello everyone, > > I've successfully deployed ossec agent on a RedHat server. In fact, I am > collecting audit events related to the apache I've Installed on RH, mainly > about /etc/php.ini. > Ok this is all good but I have another apache installed on the RH server with > a diiferent php.ini (not in /etc) that I want ossec to monitor. > > Anyone has an idea how to configure ossec to audit a php.ini that is not > located under /etc ?
What do you mean by audit? Are you talking about integrity monitoring? Just add another directive to your ossec.conf file indicating what directory to monitor. <directories check_all="yes">/path/to/other/files/directory</directories> > Best regards, > Houcem HACHICHA - --------------------------- Jason 'XenoPhage' Frisvold [email protected] - --------------------------- "Any sufficiently advanced magic is indistinguishable from technology." - - Niven's Inverse of Clarke's Third Law -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iEYEARECAAYFAkxGZy8ACgkQ8CjzPZyTUTQkSQCgl1NQeRt95ObzbLr+g1TSYjBG 6S0An0QHv4dJJ6GhsDYtUHDwRoYSU961 =vefK -----END PGP SIGNATURE-----
