Hey all, I need syscheck to monitor for if a log file was tampered with (zeroed out or modified/edited). Right now it seems that if you have syscheck monitor a log file for this purpose, it will generate tons of 'false positives' because log files are pretty dynamically changed/rotated.
Any way to have OSSEC check if someone was trying to edit the file though? Thanks!
jeremy
